firebase-ai-logic
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for using the official Firebase CLI (
firebase projects:list,firebase apps:list,firebase init). These commands are standard for managing Firebase project configurations and initializing services during development. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the official Firebase package via
npm install -g firebase@latest. This is a well-known library provided by a trusted organization (Google/Firebase). - [PROMPT_INJECTION]: The instructions contain specific model selection logic for the agent (e.g., "Always use the most recent version... DO NOT USE gemini-1.5-flash"). These are standard operational instructions to guide the agent's behavior and do not represent a malicious attempt to bypass safety filters.
- [DATA_EXFILTRATION]: While the code samples show how to send data (text and images) to the Gemini API, these operations use the official Firebase SDK and are the primary intended function of the skill. No unauthorized exfiltration or access to sensitive local files was detected.
Audit Metadata