fcm-push-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
firebase-adminpackage via npm. This is the official and well-known library for Firebase integration in Node.js environments. - [PROMPT_INJECTION]: The skill documents how to process deep links embedded in FCM data payloads. This represents a standard application feature for mobile navigation and does not contain malicious override instructions.
- [SAFE]: The skill provides explicit warnings against committing service account credentials to version control and recommends using GCP Secret Manager for production environments, demonstrating a commitment to security best practices.
Audit Metadata