firebase-auth-internal-app
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGH (PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION]: The skill instructions and reference code facilitate a privilege escalation vulnerability where an authenticated user can modify their own account permissions.
  - Ingestion points: The Firestore 'users/{userId}' document defined in 'references/security_rules.md' allows 'write' access to the owner of the document ('request.auth.uid == userId').
  - Boundary markers: None are present to prevent unauthorized field updates or to isolate sensitive role data from user-writable documents.
  - Capability inventory: The 'onDocumentWritten' trigger in 'references/custom_claims.md' uses 'getAuth().setCustomUserClaims' to update user permissions based on the Firestore document content.
  - Sanitization: Absent; the Cloud Function does not verify the requester's authority or restrict which fields (specifically 'role') can trigger a custom claim update, allowing a user to set their own 'role' to 'admin' and have it reflected in their authentication token.
- [CREDENTIALS_UNSAFE]: The reference directory contains a hidden metadata file 'references/.security_rules.md.swp' that exposes sensitive information about the development environment.
  - Evidence: The file contains absolute local file system paths ('~yuki.tanabe/dev/tanabee/...') and developer usernames, which could be used to gather intelligence on the internal directory structure and user identifiers.
Recommendations
- AI detected serious security threats