Skills
skills/artemnovichkov/skills/crashlytics/Gen Agent Trust Hub

crashlytics

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The configuration in .mcp.json uses npx to run firebase-tools, which is an official package from a well-known service (Google). This is a standard dependency for fetching crash data from Firebase.
  • [COMMAND_EXECUTION]: The skill utilizes git log and git blame to correlate crash locations with repository history and identify appropriate developers for assignment. These are routine development operations.
  • [PROMPT_INJECTION]: The skill processes external data from Crashlytics, which creates a surface for indirect prompt injection.
  • Ingestion points: Crash telemetry is retrieved from the Firebase MCP server as described in commands/crash-report.md.
  • Boundary markers: No specific delimiters are defined to isolate external error messages from the agent's instructions.
  • Capability inventory: The skill can perform file system writes, execute git commands, and initiate subagent tasks.
  • Sanitization: There is no explicit mention of filtering or sanitizing the input data from the crash reports.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 10:59 AM