skills/gemini-cli-extensions/cloud-sql-postgresql/cloud-sql-postgres-replication/Gen Agent Trust Hub
cloud-sql-postgres-replication
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The scripts download and execute the @toolbox-sdk/server package via npx. This is a standard operation for tools from this vendor.
- [COMMAND_EXECUTION]: All scripts utilize child_process.spawn to execute the npx command, wrapping database management functionality. Argument handling includes platform-specific escaping for Windows.
- [SAFE]: Database credentials and configuration are managed through environment variables and .env files, following security best practices.
- [PROMPT_INJECTION]: The skill processes data from database queries (e.g., role names, settings) which represents a potential surface for indirect injection. Ingestion points: Database query results in scripts like list_roles.js. Boundary markers: None. Capability inventory: child_process.spawn (all scripts). Sanitization: None.
Audit Metadata