firebase-messaging
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows documented best practices for integrating Firebase Cloud Messaging (FCM). All code samples align with official documentation.
- [EXTERNAL_DOWNLOADS]: The skill imports scripts from gstatic.com, which is the official content delivery network for Google and Firebase services. These references are standard for web-based Firebase integration and are considered safe.
- [PROMPT_INJECTION]: The skill involves handling incoming data from external Firebase messages. This serves as an entry point for untrusted data. However, the logic provided only prints this data to the console for debugging purposes and does not process it in a way that would trigger secondary instructions or unauthorized commands.
Audit Metadata