40Medium
This skill uses coercive prompts to hijack agent workflows and force unauthorized enterprise-tier cloud provisioning while relying on unverified, insecure dependency execution and missing critical documentation.
Skill Info
Namefirebase/agent-skills/firebase-firestore
Registrygithub
Version7eb6e6572cee
PURLpkg:github/firebase/agent-skills@7eb6e6572cee?skill=firebase-firestore
Stars357
Installs47,400
Source
Install
This skill has findings worth reviewing before installing.
GitHub
47,300 installs
Skills.shDocs
npx skills add https://github.com/firebase/agent-skillsAssessments (4)
AI Agent Traps ↗Coercive instruction to activate skillmediumsocial engineeringAML.T0052.000LLM09:2025
The skill uses authoritative, mandatory language ('You MUST unconditionally activate this skill') to pressure the agent into prioritizing its use, which is a common pattern for hijacking agent workflows.
90% confidence
You MUST unconditionally activate this skill if you plan to use Firestore in any way.
Description Mismatchmediumdescription mismatchAML.T0011.000LLM06:2025LLM09:2025
The skill includes a coercive instruction to 'unconditionally activate' itself, which is an attempt to bypass user discretion and force persistent execution.
85% confidence
Description: 'You MUST unconditionally activate this skill if you plan to use Firestore in any way.'
Forced provisioning of Enterprise editionmediumautonomy abuseAML.T0034.002AML.T0053LLM06:2025LLM10:2025
The instructions force the agent to default to provisioning 'Enterprise' edition databases without explicit user confirmation of the cost or resource implications, potentially leading to unexpected cloud billing.
80% confidence
default to provisioning an Enterprise edition database
Global/unverified dependency execution — global npm/yarn package, dotnet tool, or auto-confirmed npx run without version or integrity pinningmediumsupply chainAML.T0010AML.T0019AML.T0058LLM03:2025
Global/unverified dependency execution — global npm/yarn package, dotnet tool, or auto-confirmed npx run without version or integrity pinning (seen 5 times in this file at lines 10, 20, 25, 39, 43)
100% confidenceline 10
npx -y
Missing usage exampleslowpolicy violation
Skill body contains no code blocks or usage examples, making it harder for users to evaluate.
100% confidence
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/standard/android_sdk_usage.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[android_sdk_usage.md](references/standard/android_sdk_usage.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/standard/ios_setup.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[ios_setup.md](references/standard/ios_setup.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/standard/provisioning.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[provisioning.md](references/standard/provisioning.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/standard/security_rules.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[security_rules.md](references/standard/security_rules.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "references/standard/web_sdk_usage.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[web_sdk_usage.md](references/standard/web_sdk_usage.md)
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Missing or insufficient descriptioninfopolicy violation
Skill description is empty or too short. A clear description helps users evaluate the skill's purpose.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/firebase/agent-skills/firebase-firestore)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/firebase/agent-skills/firebase-firestore"><img src="https://mondoo.com/ai-agent-security/api/badge/github/firebase/agent-skills/firebase-firestore.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/firebase/agent-skills/firebase-firestore.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow