Skills
skills/jeremylongshore/claude-code-plugins-plus/firebase-vertex-ai/Snyk

firebase-vertex-ai

Warn

Audited by Snyk on Apr 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill ingests untrusted user-generated content from Firestore (see ARD "Embedding + RAG Flow" and references/examples.md RAG and moderation examples) and includes that content directly in Gemini/Vertex AI prompts whose outputs drive responses and moderation actions, allowing indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 4, 2026, 12:40 PM
Issues
1