firebase-cli
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Firebase CLI standalone binary from the official
firebase.toolsdomain. This is a recognized and standard installation method provided by the service for macOS and Linux environments. - [REMOTE_CODE_EXECUTION]: Executes the official installation script for Firebase via a piped bash command and installs the
firebase-toolspackage through the npm registry. These actions are standard procedures for initializing the Firebase development environment. - [COMMAND_EXECUTION]: Uses helper scripts to construct and run Firebase CLI commands. The scripts dynamically assemble command-line arguments to facilitate tasks like deployment and starting local emulators.
- [DATA_EXFILTRATION]: Includes documentation and commands for managing sensitive project data, such as exporting authentication users. These capabilities are intended for administrative use and align with the primary purpose of managing a Firebase project.
- [PROMPT_INJECTION]: The skill implements surfaces for processing external data (e.g., configuration files and user data imports). While this presents a theoretical surface for indirect injection, the skill operates within the context of a developer tool using standard CLI interfaces.
Audit Metadata