Historial de auditorías
firebase-development - 4 auditorías
Versión de auditoría 4
Más reciente Riesgo medioJun 27, 2026, 03:22 PM
Static analysis reported many high-risk patterns, but review shows most are Markdown examples, inline code formatting, local Firebase emulator URLs, and normal developer commands. No prompt injection or malicious exfiltration intent was found. The skill still carries medium risk because it instructs assistants to run shell commands and inspect environment files during Firebase debugging.
Problemas de riesgo medio (2)
Problemas de riesgo bajo (3)
Factores de riesgo
⚙️ Comandos externos (5)
🌐 Acceso a red (4)
📁 Acceso al sistema de archivos (4)
🔑 Variables de entorno (4)
Patrones detectados
Versión de auditoría 3
SeguroJan 16, 2026, 01:29 PM
This is a documentation/guidance orchestration skill with no executable code. All 302 static findings are false positives - the skill contains documentation examples of Firebase CLI commands, not actual command execution vulnerabilities. Patterns flagged (external commands, network access, credential references) are inherent to Firebase development documentation.
Factores de riesgo
⚙️ Comandos externos (236)
🌐 Acceso a red (10)
📁 Acceso al sistema de archivos (5)
Versión de auditoría 2
SeguroJan 16, 2026, 01:29 PM
This is a documentation/guidance orchestration skill with no executable code. All 302 static findings are false positives - the skill contains documentation examples of Firebase CLI commands, not actual command execution vulnerabilities. Patterns flagged (external commands, network access, credential references) are inherent to Firebase development documentation.
Factores de riesgo
⚙️ Comandos externos (236)
🌐 Acceso a red (10)
📁 Acceso al sistema de archivos (5)
Versión de auditoría 1
SeguroJan 10, 2026, 09:18 AM
Pure prompt-based skill containing only instructional Markdown. No executable code, no network calls, no file system access, no command execution. All operations require user confirmation via Claude Code's built-in mechanisms.