firebase-ai-logic
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or suspicious data operations were identified. The skill's content matches its stated purpose of providing documentation and templates for Firebase AI integration.- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard packages from the NPM registry: "firebase-tools", "firebase", and "@anthropic-ai/sdk". These are well-known and legitimate developer tools.- [PROMPT_INJECTION]: The skill demonstrates functions that process user input via AI models, which is an inherent surface for indirect prompt injection.
- Ingestion points: The "prompt" and "imageUrl" parameters in the implementation functions in SKILL.md.
- Boundary markers: The example code does not implement specific boundary markers (e.g., XML tags or delimiters) around the user input.
- Capability inventory: The skill utilizes the Firebase AI SDK for content generation and multimodal analysis.
- Sanitization: The skill explicitly includes a 'Required Rules' constraint to 'Validate user input', which is a recommended mitigation.
Audit Metadata