firestore-data

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts utilize npx to download and execute the @toolbox-sdk/server package at runtime. This is the intended method for invoking the underlying Firestore bridge tool.
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to execute CLI commands. It includes robust platform-specific handling (e.g., using npx.cmd and shell execution on Windows) to ensure the scripts run correctly across different operating systems.
  • [DATA_EXFILTRATION]: To authenticate with Firestore, the scripts are configured to read project-specific environment variables from .env files located in the project directory hierarchy. This data is passed directly to the backend process to establish a database connection.
  • [PROMPT_INJECTION]: The skill processes document data from Firestore, which represents an indirect prompt injection surface. Data stored in the database by external users could theoretically contain instructions aimed at manipulating the agent's behavior.
      • Ingestion points: Document data returned by the get_documents and query_collection scripts.
      • Boundary markers: None identified in the script output; data is interpolated directly into the agent context.
      • Capability inventory: The skill can perform write, update, and delete operations on Firestore and has the ability to execute shell commands via spawn.
      • Sanitization: No specific filtering or validation of the retrieved document content is performed before it is provided to the agent.
  • [SAFE]: The scripts are licensed under Apache 2.0 by Google LLC and demonstrate behavior consistent with official cloud management utilities. No evidence of malicious obfuscation, persistence mechanisms, or unauthorized data harvesting was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:19 AM