firestore-index-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes user-provided requests and configurations for Firestore and GCP.
      • Ingestion points: User prompts and potentially external configuration data processed by the agent (SKILL.md).
      • Boundary markers: Absent. There are no instructions to delimit untrusted content or ignore embedded instructions.
      • Capability inventory: Access to Bash(gcloud:*), Write, and Edit tools in a GCP environment. This provides a direct path from processed data to infrastructure modification.
      • Sanitization: Absent. No logic is provided to validate or escape inputs before passing them to the shell or using them in file operations.
  • [Command Execution] (MEDIUM): The skill requests broad access to Bash(gcloud:*). While relevant to the stated purpose, the use of a wildcard * allows the agent to execute any gcloud command (e.g., project deletion, IAM modification) rather than being restricted specifically to Firestore index operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:53 AM