moai-baas-firebase-ext
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and enables the use of the Firebase CLI through the `Bash` tool. This includes commands for deployment, authentication, and service management (`firebase deploy`, `firebase login`). These are standard administrative actions for the stated purpose of the skill.
- [DATA_EXPOSURE]: The skill manages sensitive Firebase service account credentials including `privateKey` and `clientEmail`. It correctly encourages the use of secrets management (e.g., Google Cloud Secret Manager) in its Cloud Run deployment examples rather than hardcoding values.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill retrieves data from external sources including Firestore collections (`users/`, `collaborative/`) and Storage object metadata.
  - Boundary markers: Not explicitly defined in the provided code snippets when interpolating retrieved data.
  - Capability inventory: The skill possesses significant capabilities through `Bash`, `Write`, and `Edit` tools, which could be targeted if malicious data is ingested.
  - Sanitization: The skill includes example Python code that demonstrates basic input validation and sanitization for user-provided data fields.