NYC

firebase-ai-logic

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill includes deceptive metadata and instructions (Category 7). It directs the agent to use non-existent models such as 'gemini-2.5-flash' and 'gemini-3-flash-preview' and a non-existent SDK module 'firebase/ai'. This misinformation can cause operational failures or lead the agent to search for and use untrusted third-party fixes or packages.
  • [PROMPT_INJECTION] (LOW): The skill exhibits a vulnerability to Indirect Prompt Injection (Category 8). Evidence chain:
      1. Ingestion points: untrusted user data enters via 'analyzeImage' and 'sendMessage' in references/usage_patterns_web.md.
      2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands.
      3. Capability inventory: The skill calls 'model.generateContent' and 'chat.sendMessage'.
      4. Sanitization: Absent; user input is interpolated directly into model calls.
  • [COMMAND_EXECUTION] (SAFE): The skill references standard Firebase CLI commands such as 'firebase init' and 'firebase projects:list'. These are expected for the stated purpose of Firebase integration and do not pose a privilege escalation risk in this context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 10:02 PM