firebase-cli
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts from the well-known domain https://firebase.tools, which is an official resource provided by Google.
- [REMOTE_CODE_EXECUTION]: The skill uses a piped bash execution pattern (curl -sL https://firebase.tools | bash) for installing the CLI. As this originates from a trusted organization, it is documented as intended behavior.
- [COMMAND_EXECUTION]: Helper scripts scripts/deploy.sh and scripts/emulators.sh dynamically construct and execute commands using the eval function.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the use of eval in shell scripts with variable interpolation of unsanitized user input.
  1. Ingestion points: Command-line arguments passed to scripts/deploy.sh and scripts/emulators.sh (e.g., deployment messages).
  2. Boundary markers: No delimiters or markers are present to isolate user data.
  3. Capability inventory: Execution of firebase CLI commands via eval in the bash environment.
  4. Sanitization: No sanitization or escaping of special characters is performed on user-provided strings before they are evaluated.
Recommendations
- HIGH: Downloads and executes remote code from: https://firebase.tools - DO NOT USE without thorough review
Audit Metadata