skills/jeremylongshore/claude-code-plugins-plus-skills/firestore-operations-manager/Gen Agent Trust Hub
firestore-operations-manager
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes data from Firestore documents, creating a vulnerability surface where instructions embedded in the database could influence agent behavior.
  - Ingestion points: Firestore collections (specifically `agent_memory` and `public` documents) read during CRUD operations.
  - Boundary markers: Absent; there are no instructions to the agent to treat retrieved database content as untrusted or to use delimiters.
  - Capability inventory: `Bash(cmd:*)`, `Write`, `Edit`, `Read`. The high-privilege bash access increases the impact of a successful injection.
  - Sanitization: Absent; the skill does not specify validation or sanitization steps for data retrieved from Firestore.
- Command Execution (SAFE): The skill requires `Bash(cmd:*)` to execute standard infrastructure tools like `gcloud` and `firebase-tools`. This is consistent with the skill's stated purpose of managing Firestore operations and setup.
- Metadata Analysis (SAFE): The metadata provided (author, description, and version) is consistent with the provided scripts and documentation. No deceptive patterns were found in the metadata fields.
Audit Metadata