firebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes code that reads and subscribes to Firestore user-generated data (e.g., getDoc/getDocs, subscribeToPosts/onSnapshot for the posts and comments collections) and the provided rules even allow public reads, so untrusted third-party content from those collections would be ingested and interpreted as part of the workflow.