firebase-storage
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate and secure implementation patterns for Firebase Cloud Storage using the official modular SDKs.
- [SAFE]: Credential management follows industry best practices by utilizing environment variables rather than hardcoded secrets in the provided code snippets.
- [SAFE]: The skill includes comprehensive templates for Firebase Security Rules to enforce access control and validate file metadata, which is critical for preventing unauthorized access and denial-of-service attacks.
- [SAFE]: Guidance for CORS configuration is provided to ensure secure and functional browser-based file operations.
- [PROMPT_INJECTION]: The skill's code templates use untrusted filenames to construct storage paths, creating a potential surface for Indirect Prompt Injection. However, the skill provides mitigation advice, such as generating unique filenames with timestamps, and the risk is considered low in the context of a documentation skill. Ingestion points: SKILL.md components. Boundary markers: Absent. Capability inventory: File upload and listing. Sanitization: Absent.
- [SAFE]: No malicious obfuscation, exfiltration patterns, or unauthorized code execution were detected.
Audit Metadata