firebase-integration
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill attempts to load sensitive service account credentials from a local file named 'firebase-service-account.json' or an environment variable 'FIREBASE_CONFIG_JSON'. Accessing sensitive file paths is a high-risk behavior, downgraded to medium here because it is the primary purpose of the skill.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exposes a surface for indirect injection by ingesting untrusted data from the cloud. 1. Ingestion points: The load_data function reads document content from Firestore. 2. Boundary markers: None present in the code; data is processed as raw dictionaries. 3. Capability inventory: The skill allows the agent to save, load, and delete data in Firestore. 4. Sanitization: There is no evidence of validation or escaping for external content before it enters the agent's context.
Audit Metadata