firebase-firestore
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official Google/Firebase tools (
firebase-tools) and SDKs for various platforms (Web, Android, iOS, Flutter, and Python). These tools are from a well-known service and the skill's author context (firebase) matches these resources. - [SAFE]: The skill provides rigorous instructions for generating Firestore security rules, including a mandatory 'Devil's Advocate Attack' phase where the agent must attempt to exploit its own generated rules to ensure they are secure against unauthorized access, PII leaks, and privilege escalation.
- [SAFE]: No patterns of malicious obfuscation, data exfiltration, or unauthorized execution were detected. All code snippets and CLI commands align with documented Firebase best practices for database management and application security.
- [SAFE]: The skill enforces a 'default deny' principle for database access, instructing the agent to start with restrictive rules and only grant permissions as needed.
Audit Metadata