Skills
AGENT LAB: SKILLS
skills/firebase/skills/firebase-basics/Gen Agent Trust Hub

firebase-basics

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [Remote Code Execution] (CRITICAL): The file SKILL.md contains a command to download and execute a script directly from an external URL: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash. This piped execution pattern is highly dangerous as it grants the remote script full execution rights without prior inspection. The source nvm-sh is not on the list of trusted GitHub organizations.
  • [Command Execution] (HIGH): The SKILL.md file suggests using sudo to resolve EACCES errors during global npm installations. This practice promotes privilege escalation and unnecessarily increases the attack surface of the system.
  • [Indirect Prompt Injection] (LOW): The skill creates a surface for indirect prompt injection by facilitating the ingestion of user-controlled strings (Project IDs, app names) into CLI tool parameters without sanitization or boundary markers.
  • Ingestion points: Project ID and display name prompts in firebase projects:create and firebase apps:create in SKILL.md and references/web_setup.md.
  • Boundary markers: Absent; user inputs are interpolated directly into commands.
  • Capability inventory: CLI execution for project management, authentication, and directory creation.
  • Sanitization: None present.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:14 PM