firebase-basics

SUSPICIOUS: The Firebase purpose aligns with the Firebase CLI commands, and data flows appear to go to official Firebase/Google tooling rather than an interceptor. The main concern is the mandatory transitive installation of `firebase/agent-skills` plus unpinned `npx ...@latest` execution, which expands trust beyond this skill and increases supply-chain risk. No clear credential theft or malicious exfiltration is present.