The skill instructs the agent to use `
Claims to do
App Hosting Basics: This skill enables the agent to deploy and manage modern, full-stack web applications (Next.js, Angular, etc.) using Firebase App Hosting.
Actually does
The skill provides instructions for configuring `firebase.json` and `apphosting.yaml` for Firebase App Hosting. It details how to use `npx firebase-tools@latest` commands like `apphosting:secrets` and `deploy` for managing secrets and deploying applications. It also directs users to a Firebase console URL for billing plan upgrades.
/plugin marketplace add firebase/agent-skills
/plugin install firebase-app-hosting-basics@firebase/agent-skills
gemini extensions install https://github.com/firebase/agent-skills.git --consent
npx skills add https://github.com/firebase/agent-skills --skill firebase-app-hosting-basics
The skill instructs the agent to execute `npx` commands, specifically `npx -y firebase-tools@latest apphosting:secrets` for handling sensitive keys. While `firebase-tools` is legitimate, `npx` allows arbitrary package execution, and handling sensitive keys introduces a risk of credential exposure or manipulation if not properly secured or if user input is unsanitized.
npx -y firebase-tools@latest apphosting:secrets
The skill explicitly instructs the agent to direct the user to a Firebase billing upgrade page. This is a benign instruction for a prerequisite, but demonstrates the agent being directed to influence human action.
Direct the user to https://console.firebase.google.com/project/_/overview?purchaseBillingPlan=metered to upgrade their plan.
The stated purpose implies the skill itself will deploy and manage applications. However, the skill's content is purely instructional, detailing how users can perform these actions via `firebase-tools` commands and configuration files, rather than the skill programmatically executing these actions.
The skill content consists of descriptions, configuration examples (`firebase.json`, `apphosting.yaml`), and commands to run (`npx -y firebase-tools@latest apphosting:secrets`, `npx -y firebase-tools@latest deploy`), but no executable code within the skill itself to perform these actions.
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.