skills/jeremylongshore/claude-code-plugins-plus-skills/firestore-operations-manager/Gen Agent Trust Hub
firestore-operations-manager
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard database libraries including firebase-admin, @google-cloud/firestore, and dotenv via npm.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for administrative tasks and includes a setup script (scripts/setup-firestore.sh) that enables Google Cloud APIs and creates security rule configurations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to read and process untrusted data from various Firestore collections.
  - Ingestion points: The agent ingests data from Firestore collections such as users, agent_sessions, a2a_messages, and agent_memory during standard and agent-to-agent workflows.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat retrieved database content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The agent has broad capabilities including Bash(cmd:*), Write, and Edit tools, which could be misused if malicious instructions are retrieved from the database and interpreted by the agent.
  - Sanitization: The provided instructions and code templates do not specify sanitization or validation logic for data retrieved from Firestore before it is processed.
Audit Metadata