cloud-sql-sqlserver-admin

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt defines required password parameters (rootPassword, password) and shows usage that embeds parameter values inline in generated CLI commands/JSON, which would force the agent to handle and output secret values verbatim (even though env var usage is mentioned as an alternative).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The scripts call npx to fetch and execute the package @toolbox-sdk/server@1.1.0 from the npm registry (e.g. https://registry.npmjs.org/@toolbox-sdk/server), which downloads and runs remote code at runtime and is required for the skill to function.