moai-baas-firebase-ext
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill documentation describes an indirect prompt injection surface (Category 8) necessary for its orchestration functionality.
- Ingestion points: Processes external documentation retrieved via the mcp__context7__get-library-docs tool, incoming JSON payloads in HTTPS Cloud Functions (sync_realtime_data), and file metadata processed by Storage triggers.
- Boundary markers: The skill does not explicitly define delimiters or specific instructions to the agent to ignore potentially malicious commands embedded in the retrieved documentation or data.
- Capability inventory: The agent is granted Bash, Write, and WebFetch tools, providing a significant capability surface for managing cloud infrastructure and local files.
- Sanitization: The provided templates include basic structural validation for API requests (e.g., checking for required fields) but do not implement sanitization or filtering of text content retrieved from external sources.
- [CREDENTIALS_UNSAFE]: The skill provides code snippets for initializing the Firebase Admin SDK using service account details (privateKey, clientEmail, projectId). These are implemented as configuration variables in the documentation and no actual secrets or keys are hardcoded in the skill file.
Audit Metadata