firebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Firestore examples (getDocs/onSnapshot on collections like "posts") together with the sample security rule "allow read: if true" show the agent reading public, user-generated data from a third-party Firestore backend, so untrusted content could be ingested and interpreted at runtime.