resolve-docker-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the local shell script ./scripts/publish/firebase-docker-image/run.sh to automate image publishing and utilizes the gcloud CLI for listing images and vulnerability reports.
  • [PROMPT_INJECTION]: The skill processes external JSON data from gcloud outputs, which serves as a surface for indirect prompt injection.
      • Ingestion points: Vulnerability report JSON retrieved via gcloud artifacts vulnerabilities list --format=json (SKILL.md).
      • Boundary markers: None present in the instructions.
      • Capability inventory: Includes local file execution (run.sh) and system-level command execution (gcloud).
      • Sanitization: The skill instructions do not specify sanitization or validation of the processed JSON data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:08 AM