firebase-vertex-ai
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in
references/SKILL.full.md. User-supplied content from Firestore or HTTP requests is directly interpolated into prompts sent to the Gemini model. - Ingestion points:
references/SKILL.full.md(functionsanalyzeContentandragQueryusedata.contentanddata.query). - Boundary markers: Limited to simple text labels (e.g., 'Content:', 'Question:'), which can be bypassed by adversarial input.
- Capability inventory: The agent has
Bash(cmd:*)and filesystemWrite/Editpermissions, posing a risk if the agent's behavior is influenced by the processed data. - Sanitization: No input validation or instruction-filtering is implemented for the data processed by the LLM.
- [COMMAND_EXECUTION]: The skill requires
Bash(cmd:*)access to manage Firebase deployments, run emulators, and initialize projects viascripts/init-firebase.sh. - [EXTERNAL_DOWNLOADS]: The skill performs external downloads by installing the
firebase-toolspackage globally via npm inscripts/init-firebase.shandreferences/SKILL.full.md.
Audit Metadata