firestore-operations-manager
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill instructions or scripts. The instructions focus on legitimate Firestore management tasks and follow documented best practices.
- [EXTERNAL_DOWNLOADS]: The skill references standard Node.js packages (firebase-admin, @firebase/rules-unit-testing) from official registries, which is expected for Firestore development.
- [COMMAND_EXECUTION]: Includes a setup script (scripts/setup-firestore.sh) that uses the gcloud CLI for project configuration, representing standard infrastructure-as-code patterns.
- [SAFE]: (Indirect Prompt Injection surface) The skill processes data from Firestore documents which could potentially contain untrusted instructions. This is an inherent risk for database management tools.
- Ingestion points: Reads from Firestore collections in migration examples.
- Boundary markers: No explicit instructions to the agent to treat document data as untrusted or ignore embedded commands.
- Capability inventory: The agent has Bash access, file system access, and Firestore write capabilities.
- Sanitization: Document data is processed directly without sanitization or validation steps mentioned in the prompts.
Audit Metadata