crashlytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches fatal errors and stack traces from Firebase Crashlytics via the configured MCP server (see .mcp.json and the "Fetch Crashlytics Data" step in commands/crash-report.md), and it directly reads and interprets that user-generated/untrusted crash data to drive analysis, fixes, and developer-assignment decisions, so third-party content could influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime configuration (.mcp.json) invokes npx to fetch and execute the npm package firebase-tools@latest (registry URL e.g. https://registry.npmjs.org/firebase-tools), which downloads and runs remote code as a required dependency for MCP access.