firebase-firestore
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): No instances of hardcoded secrets or unsafe data handling were identified. The skill utilizes process.env for all sensitive Firebase configuration parameters.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No suspicious external dependencies or remote execution patterns were found. All imports are from standard, official Firebase SDK packages.
- Prompt Injection (SAFE): No malicious instructions or bypass attempts were detected. The content is purely instructional and focused on Firestore development best practices.
- Obfuscation (SAFE): All code and metadata are presented in cleartext. No encoded strings, hidden Unicode characters, or homoglyphs were found.
- Indirect Prompt Injection (SAFE): While the skill interacts with database data, it does not provide vulnerable interpolation patterns or unsafe capability chains. Standard Firestore security rules and client-side sanitization are recommended in the documentation.
Audit Metadata