firestore-security-rules-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and contains no executable code, shell commands, or network operations. It defines a persona and methodology for the agent to analyze user-provided Firestore security rules.
- [DATA_EXPOSURE_EXFILTRATION]: No sensitive file paths or credentials are used. The email 'admin@example.com' mentioned in the admin bootstrapping section is clearly an illustrative placeholder for logic checking and not a hardcoded secret.
- [PROMPT_INJECTION]: The skill uses directive language ('You are a Senior Security Auditor', 'Actively try to find a sequence of operations to bypass it') to set the agent's behavior for its intended task. These instructions do not attempt to bypass core AI safety guidelines or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: While the skill is designed to process untrusted data (Firestore rules provided by a user), it has no associated tools or capabilities (such as file writes or network access) that could be exploited through the processed content. The risk is limited to the chat context.
Audit Metadata