firebase-firestore
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process data from an external Firebase Firestore database which may contain untrusted instructions.
  - Ingestion points: Firestore data access methods such as `getDoc`, `getDocs`, and `onSnapshot` are utilized in `SKILL.md` and `templates/firebase-client.ts`.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat external database content as data rather than instructions.
  - Capability inventory: The agent can write template files and execute package installation commands (`npm install`).
  - Sanitization: The provided code samples do not include sanitization or validation logic for data retrieved from the database.
- [SAFE]: The author name listed in the `.claude-plugin/plugin.json` file ("Jeremy Dawes") differs from the provided skill author context ("evolv3ai"). Additionally, the skill references and uses official and well-known libraries `firebase` and `firebase-admin` from a recognized service provider.
Audit Metadata