cloud-sql-sqlserver-admin

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: All scripts within the skill utilize the npx utility to download and execute the @toolbox-sdk/server@1.1.0 package from the npm registry at runtime.
  • [COMMAND_EXECUTION]: The tool performs its functions by spawning shell processes via child_process.spawn. It passes user-provided command-line arguments to the invoked toolbox CLI, using basic sanitization for Windows environments.
  • [DATA_EXFILTRATION]: The scripts are designed to read and parse .env files located in the project directory structure to retrieve configuration settings and credentials. While these files are sensitive, the access is for the primary purpose of configuring the administrative tools.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it interpolates user-controlled data directly into shell commands.
      • Ingestion points: Command-line arguments are captured in every file in the scripts/ directory (e.g., scripts/list_instances.js).
      • Boundary markers: The skill does not use explicit delimiters to isolate interpolated data.
      • Capability inventory: Each script has the capability to execute shell commands using child_process.spawn with the ingested parameters.
      • Sanitization: On Windows systems, the scripts attempt to escape double quotes, though they do not fully sanitize all potential shell metacharacters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 05:18 AM