firebase-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly downloads and processes user-uploaded, untrusted files from Firebase Storage (e.g., the Cloud Function generateThumbnails uses bucket.file(...).download(), admin SDK functions listTeamDocuments/getSignedUrl/read metadata, and upload handlers that read customMetadata and filenames), so the agent will read and act on arbitrary user-generated content from the storage bucket.