firebase-local-env-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The setup explicitly directs installing and running third‑party packages and extensions from public sources (e.g., "npx skills add firebase/agent-skills", "npx -y firebase-tools@latest mcp", and "gemini extensions install https://github.com/firebase/agent-skills"), which causes the agent to fetch and execute untrusted code from npm/GitHub that can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs and runs remote agent code at runtime (e.g., gemini extensions install https://github.com/firebase/agent-skills and multiple npx commands like npx -y firebase-tools@latest mcp), which fetches and executes external code that provides/controls agent skills and MCP behavior — flagging https://github.com/firebase/agent-skills.