firebase
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's installation process uses a highly dangerous pattern where a script is downloaded from the internet and immediately executed with full shell privileges. Evidence:
curl -sSL https://canifi.com/skills/firebase/install.sh | bashinSKILL.md. Evidence:curl -sSL https://canifi.com/install.sh | bashinSKILL.md. - [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on files and tools hosted on
canifi.com, which is an untrusted third-party domain. There is no verification of the integrity or safety of the content being downloaded. - [CREDENTIALS_UNSAFE] (HIGH): The documentation encourages users to provide sensitive plain-text credentials (
SERVICE_PASSWORD) to a third-party tool (canifi-env). Because the tool itself is installed via an unvetted RCE pattern, these credentials are at high risk of exfiltration. - [COMMAND_EXECUTION] (MEDIUM): The skill relies on local command execution via the
canifi-envutility and browser automation through Playwright to interact with Google services. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it reads and processes external data from Firebase (Firestore, Auth, Analytics). Ingestion points: Firestore documents, Firebase Auth user records, and Analytics dashboard content. Boundary markers: None identified. Capability inventory: The skill has the ability to execute shell commands and perform web actions via Playwright. Sanitization: No sanitization of the retrieved Firebase data is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/firebase/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata