angularfire

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes code that reads and renders user-provided/untrusted content at runtime — e.g., Cloud Firestore collectionData/docData (references/product-firestore.md), Realtime Database listVal/objectVal (product-realtime-database.md), Cloud Storage download URLs and uploaded file contents (product-storage.md), and FCM message payloads displayed in the UI (product-messaging.md) — which are third-party/user-generated sources the agent would read and interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's service worker code imports remote Firebase scripts at runtime (e.g. https://www.gstatic.com/firebasejs/10.0.0/firebase-app.js and https://www.gstatic.com/firebasejs/10.0.0/firebase-messaging-sw.js), which are fetched and executed in the service worker and are required for the messaging functionality, so they constitute runtime-executed external code.