firebase-vertex-ai
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/init-firebase.shscript automates the installation of the officialfirebase-toolsCLI vianpm install -g firebase-tools. Additionally,references/implementation.mdprovides CI/CD configurations that utilize official GitHub Actions from theactions/andFirebaseExtended/organizations.- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for project initialization, dependency installation (npm install), and deployment (firebase deploy). This is consistent with its primary purpose as a deployment and setup tool.- [DATA_EXFILTRATION]: Examples inreferences/examples.mdandreferences/implementation.mdusecurlfor connectivity and health checks targeting local emulator ports or project-specific hosting URLs. These operations are used for deployment verification and do not exfiltrate sensitive data to external domains.- [PROMPT_INJECTION]: The skill provides templates for RAG (Retrieval-Augmented Generation) and content moderation that interpolate data from Firestore into LLM prompts. This creates an indirect prompt injection surface if the Firestore data is user-controlled.\n - Ingestion points: Untrusted data enters the context through Firestore document triggers (e.g.,
documents/{docId},posts/{postId}) as seen inreferences/examples.md.\n - Boundary markers: The example prompts do not implement delimiters or specific instructions to ignore embedded commands within the ingested text.\n
- Capability inventory: The generated code has the capability to perform Firestore reads/writes via
firebase-adminand execute AI inference via@google-cloud/vertexai(as documented inreferences/examples.mdandARD.md).\n - Sanitization: The provided code examples do not include explicit sanitization or filtering logic for the data before it is sent to the model.
Audit Metadata