Skills
skills/gemini-cli-extensions/cloud-sql-postgresql/cloud-sql-postgres-data/Gen Agent Trust Hub

cloud-sql-postgres-data

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts download and execute the @toolbox-sdk/server@1.1.0 package from the npm registry using npx at runtime to facilitate database operations.
  • [COMMAND_EXECUTION]: Each tool uses child_process.spawn to invoke the toolbox server. On Windows systems, it includes logic to escape arguments to prevent shell-based command injection.
  • [DATA_EXFILTRATION]: The scripts access environment variables from a .env file located in the project's directory structure (../../../.env) to load database credentials and configuration. This is standard practice for localized development tools and does not involve sending data to unknown external endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:15 PM