firebase-ai-logic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill includes instructions that attempt to override the AI agent's internal logic regarding model selection and versioning. Evidence: SKILL.md contains 'Always use gemini-2.5-flash or gemini-3-flash-preview unless another model is requested... DO NOT USE gemini 1.5 flash'.
- Metadata Poisoning (LOW): The skill metadata claims it is the 'Official skill for integrating Firebase AI Logic', which is a deceptive claim to authority that cannot be verified via static analysis.
- Indirect Prompt Injection (LOW): The skill provides patterns for processing untrusted external data (images, PDFs, and text) through generative models, creating a vulnerability surface.
  1. Ingestion points: references/usage_patterns_web.md (analyzeImage, streamResponse, getJsonData functions).
  2. Boundary markers: Absent in code examples.
  3. Capability inventory: SDK calls to generateContent and sendMessage.
  4. Sanitization: Absent.
- Command Execution (SAFE): The skill instructs the user to install the official Firebase CLI and run initialization commands. Evidence: 'npm install -g firebase@latest' and 'firebase init'. These are standard procedures for the described service.
Audit Metadata