Habilidades firebase-development Historial de auditorías
📦

Historial de auditorías

firebase-development - 4 auditorías

Versión de auditoría 4

Más reciente Riesgo medio

Jun 27, 2026, 03:22 PM

Static analysis reported many high-risk patterns, but review shows most are Markdown examples, inline code formatting, local Firebase emulator URLs, and normal developer commands. No prompt injection or malicious exfiltration intent was found. The skill still carries medium risk because it instructs assistants to run shell commands and inspect environment files during Firebase debugging.

5
Archivos escaneados
1,035
Líneas analizadas
9
hallazgos
codex
Auditado por
Problemas de riesgo medio (2)
debug/SKILL.md:102-106
Environment File Inspection Guidance
The debug workflow instructs the assistant to run commands that print `functions/.env` and `hosting/.env.local`. This is legitimate Firebase troubleshooting, but it can expose API keys, tokens, or service configuration into the assistant context if users do not redact secrets.
project-setup/SKILL.md:65-68project-setup/SKILL.md:72-75debug/SKILL.md:55-58validate/SKILL.md:119-121
Shell Command Execution Workflow
Multiple workflows direct the assistant to execute Firebase CLI, npm, git, lsof, kill, grep, and file inspection commands. These are normal development tasks, but they can modify repositories, terminate processes, or reveal local project information if run without confirmation.
Problemas de riesgo bajo (3)
SKILL.md:127-130project-setup/SKILL.md:151-154debug/SKILL.md:66-68add-feature/SKILL.md:205-208
Localhost URL and IP Findings Are Benign
The hardcoded network findings point to `http://127.0.0.1:4000`, the Firebase Emulator UI. This is a local development URL, not an external endpoint or data exfiltration target.
SKILL.md:13-16add-feature/SKILL.md:45-49project-setup/SKILL.md:65-68validate/SKILL.md:107-109
Markdown Backtick Command Findings Are Mostly False Positives
The static analyzer classified Markdown inline code and fenced examples as Ruby or shell backtick execution. The files are Markdown instructions and do not contain executable Ruby backtick operators.
add-feature/SKILL.md:62-65project-setup/SKILL.md:39-44validate/SKILL.md:84-97SKILL.md:92-100
Path Traversal and Weak Crypto Findings Lack Supporting Evidence
The flagged path traversal and weak cryptographic algorithm locations correspond to TypeScript relative imports, metadata, API key wording, or security review guidance. No evidence found of traversal logic, cryptographic implementation, or unsafe hash use.

Factores de riesgo

⚙️ Comandos externos (5)
project-setup/SKILL.md:65-68 project-setup/SKILL.md:72-75 add-feature/SKILL.md:45-49 debug/SKILL.md:55-58 validate/SKILL.md:119-121
🌐 Acceso a red (4)
SKILL.md:127-130 project-setup/SKILL.md:151-154 debug/SKILL.md:66-68 add-feature/SKILL.md:205-208
📁 Acceso al sistema de archivos (4)
project-setup/SKILL.md:77 debug/SKILL.md:102-106 debug/SKILL.md:114-118 validate/SKILL.md:134-138
🔑 Variables de entorno (4)
project-setup/SKILL.md:137-141 project-setup/SKILL.md:171-172 debug/SKILL.md:102-106 validate/SKILL.md:134-138

Patrones detectados

Potential Secret Disclosure Through Environment File ReadsWorkspace-Modifying Command InstructionsProcess Termination Guidance

Versión de auditoría 3

Seguro

Jan 16, 2026, 01:29 PM

This is a documentation/guidance orchestration skill with no executable code. All 302 static findings are false positives - the skill contains documentation examples of Firebase CLI commands, not actual command execution vulnerabilities. Patterns flagged (external commands, network access, credential references) are inherent to Firebase development documentation.

6
Archivos escaneados
1,261
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (236)
add-feature/SKILL.md:14 add-feature/SKILL.md:26 add-feature/SKILL.md:27 add-feature/SKILL.md:28 add-feature/SKILL.md:45-49 add-feature/SKILL.md:49-53 add-feature/SKILL.md:53-58 add-feature/SKILL.md:58-76 add-feature/SKILL.md:76-78 add-feature/SKILL.md:78-83 add-feature/SKILL.md:83-101 add-feature/SKILL.md:101-103 add-feature/SKILL.md:103-106 add-feature/SKILL.md:106-109 add-feature/SKILL.md:109-114 add-feature/SKILL.md:114-117 add-feature/SKILL.md:117-126 add-feature/SKILL.md:126-128 add-feature/SKILL.md:128-131 add-feature/SKILL.md:131-133 add-feature/SKILL.md:133-141 add-feature/SKILL.md:141-149 add-feature/SKILL.md:149-154 add-feature/SKILL.md:154-157 add-feature/SKILL.md:157-163 add-feature/SKILL.md:163-165 add-feature/SKILL.md:165-170 add-feature/SKILL.md:170-176 add-feature/SKILL.md:176-181 add-feature/SKILL.md:181-184 add-feature/SKILL.md:184-187 add-feature/SKILL.md:187-190 add-feature/SKILL.md:190-195 add-feature/SKILL.md:195-202 add-feature/SKILL.md:202-205 add-feature/SKILL.md:205-208 add-feature/SKILL.md:208-221 add-feature/SKILL.md:221-227 add-feature/SKILL.md:227-242 add-feature/SKILL.md:242-243 add-feature/SKILL.md:243-244 add-feature/SKILL.md:244-245 debug/SKILL.md:28 debug/SKILL.md:29 debug/SKILL.md:30 debug/SKILL.md:55-58 debug/SKILL.md:58-60 debug/SKILL.md:60-62 debug/SKILL.md:62-66 debug/SKILL.md:66-68 debug/SKILL.md:68-85 debug/SKILL.md:85-98 debug/SKILL.md:98-103 debug/SKILL.md:103-106 debug/SKILL.md:106-110 debug/SKILL.md:110-114 debug/SKILL.md:114-119 debug/SKILL.md:119-122 debug/SKILL.md:122-124 debug/SKILL.md:124-129 debug/SKILL.md:129-133 debug/SKILL.md:133-135 debug/SKILL.md:135-140 debug/SKILL.md:140-142 debug/SKILL.md:142-151 debug/SKILL.md:151-161 debug/SKILL.md:161-166 debug/SKILL.md:166-167 debug/SKILL.md:167-172 debug/SKILL.md:172-179 debug/SKILL.md:179-180 debug/SKILL.md:180-181 debug/SKILL.md:181-182 project-setup/SKILL.md:25 project-setup/SKILL.md:26 project-setup/SKILL.md:37 project-setup/SKILL.md:44 project-setup/SKILL.md:51 project-setup/SKILL.md:57 project-setup/SKILL.md:65-68 project-setup/SKILL.md:68-72 project-setup/SKILL.md:72-75 project-setup/SKILL.md:75-77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77-81 project-setup/SKILL.md:81-83 project-setup/SKILL.md:83-94 project-setup/SKILL.md:94-101 project-setup/SKILL.md:101-103 project-setup/SKILL.md:103-109 project-setup/SKILL.md:109 project-setup/SKILL.md:109 project-setup/SKILL.md:109 project-setup/SKILL.md:109-110 project-setup/SKILL.md:110 project-setup/SKILL.md:110-111 project-setup/SKILL.md:111-113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113-117 project-setup/SKILL.md:117-119 project-setup/SKILL.md:119-124 project-setup/SKILL.md:124 project-setup/SKILL.md:124-127 project-setup/SKILL.md:127-131 project-setup/SKILL.md:131 project-setup/SKILL.md:131 project-setup/SKILL.md:131 project-setup/SKILL.md:131-135 project-setup/SKILL.md:135 project-setup/SKILL.md:135-139 project-setup/SKILL.md:139 project-setup/SKILL.md:139-141 project-setup/SKILL.md:141 project-setup/SKILL.md:141-145 project-setup/SKILL.md:145-147 project-setup/SKILL.md:147-151 project-setup/SKILL.md:151-154 project-setup/SKILL.md:154-160 project-setup/SKILL.md:160 project-setup/SKILL.md:160-166 project-setup/SKILL.md:166-167 project-setup/SKILL.md:167-168 project-setup/SKILL.md:168-172 project-setup/SKILL.md:172-179 project-setup/SKILL.md:179-186 project-setup/SKILL.md:186-189 project-setup/SKILL.md:189-196 project-setup/SKILL.md:196-199 project-setup/SKILL.md:199-204 project-setup/SKILL.md:204-209 project-setup/SKILL.md:209-210 project-setup/SKILL.md:210-211 project-setup/SKILL.md:211-215 project-setup/SKILL.md:215-216 project-setup/SKILL.md:216-217 project-setup/SKILL.md:217-218 project-setup/SKILL.md:218-219 SKILL.md:13 SKILL.md:14 SKILL.md:15 SKILL.md:16 SKILL.md:59-66 SKILL.md:66-74 SKILL.md:74-75 SKILL.md:75-76 SKILL.md:76-86 SKILL.md:86-87 SKILL.md:87-90 SKILL.md:90-100 SKILL.md:100-106 SKILL.md:106-107 SKILL.md:107 SKILL.md:107-110 SKILL.md:110-121 SKILL.md:121-127 SKILL.md:127-130 SKILL.md:130-133 SKILL.md:133-134 SKILL.md:134-136 SKILL.md:136-144 SKILL.md:144-145 SKILL.md:145-146 SKILL.md:146-152 SKILL.md:152-155 SKILL.md:155-167 SKILL.md:167-171 SKILL.md:171-180 SKILL.md:180-183 SKILL.md:183-184 SKILL.md:184-185 SKILL.md:185-186 validate/SKILL.md:26 validate/SKILL.md:27 validate/SKILL.md:28 validate/SKILL.md:37 validate/SKILL.md:38 validate/SKILL.md:39 validate/SKILL.md:40 validate/SKILL.md:44 validate/SKILL.md:49-56 validate/SKILL.md:56-60 validate/SKILL.md:60-65 validate/SKILL.md:65 validate/SKILL.md:65-67 validate/SKILL.md:67-68 validate/SKILL.md:68-71 validate/SKILL.md:71-76 validate/SKILL.md:76 validate/SKILL.md:76-77 validate/SKILL.md:77-82 validate/SKILL.md:82-88 validate/SKILL.md:88-89 validate/SKILL.md:89-90 validate/SKILL.md:90-93 validate/SKILL.md:93-97 validate/SKILL.md:97-101 validate/SKILL.md:101-102 validate/SKILL.md:102-105 validate/SKILL.md:105-107 validate/SKILL.md:107-109 validate/SKILL.md:109-114 validate/SKILL.md:114-115 validate/SKILL.md:115-116 validate/SKILL.md:116 validate/SKILL.md:116-119 validate/SKILL.md:119-121 validate/SKILL.md:121-127 validate/SKILL.md:127-129 validate/SKILL.md:129-135 validate/SKILL.md:135-136 validate/SKILL.md:136 validate/SKILL.md:136-137 validate/SKILL.md:137-141 validate/SKILL.md:141-142 validate/SKILL.md:142-143 validate/SKILL.md:143-144 validate/SKILL.md:144-162 validate/SKILL.md:162-163 validate/SKILL.md:163-171 validate/SKILL.md:171-172 validate/SKILL.md:172-176 validate/SKILL.md:176-182 validate/SKILL.md:182-194 validate/SKILL.md:194-195 validate/SKILL.md:195-196 validate/SKILL.md:196-197 validate/SKILL.md:197-198
🌐 Acceso a red (10)
add-feature/SKILL.md:207 add-feature/SKILL.md:207 debug/SKILL.md:67 debug/SKILL.md:67 project-setup/SKILL.md:153 project-setup/SKILL.md:170 project-setup/SKILL.md:153 project-setup/SKILL.md:170 SKILL.md:129 SKILL.md:129
📁 Acceso al sistema de archivos (5)
add-feature/SKILL.md:63 add-feature/SKILL.md:63 debug/SKILL.md:104 debug/SKILL.md:105 project-setup/SKILL.md:141

Versión de auditoría 2

Seguro

Jan 16, 2026, 01:29 PM

This is a documentation/guidance orchestration skill with no executable code. All 302 static findings are false positives - the skill contains documentation examples of Firebase CLI commands, not actual command execution vulnerabilities. Patterns flagged (external commands, network access, credential references) are inherent to Firebase development documentation.

6
Archivos escaneados
1,261
Líneas analizadas
3
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad

Factores de riesgo

⚙️ Comandos externos (236)
add-feature/SKILL.md:14 add-feature/SKILL.md:26 add-feature/SKILL.md:27 add-feature/SKILL.md:28 add-feature/SKILL.md:45-49 add-feature/SKILL.md:49-53 add-feature/SKILL.md:53-58 add-feature/SKILL.md:58-76 add-feature/SKILL.md:76-78 add-feature/SKILL.md:78-83 add-feature/SKILL.md:83-101 add-feature/SKILL.md:101-103 add-feature/SKILL.md:103-106 add-feature/SKILL.md:106-109 add-feature/SKILL.md:109-114 add-feature/SKILL.md:114-117 add-feature/SKILL.md:117-126 add-feature/SKILL.md:126-128 add-feature/SKILL.md:128-131 add-feature/SKILL.md:131-133 add-feature/SKILL.md:133-141 add-feature/SKILL.md:141-149 add-feature/SKILL.md:149-154 add-feature/SKILL.md:154-157 add-feature/SKILL.md:157-163 add-feature/SKILL.md:163-165 add-feature/SKILL.md:165-170 add-feature/SKILL.md:170-176 add-feature/SKILL.md:176-181 add-feature/SKILL.md:181-184 add-feature/SKILL.md:184-187 add-feature/SKILL.md:187-190 add-feature/SKILL.md:190-195 add-feature/SKILL.md:195-202 add-feature/SKILL.md:202-205 add-feature/SKILL.md:205-208 add-feature/SKILL.md:208-221 add-feature/SKILL.md:221-227 add-feature/SKILL.md:227-242 add-feature/SKILL.md:242-243 add-feature/SKILL.md:243-244 add-feature/SKILL.md:244-245 debug/SKILL.md:28 debug/SKILL.md:29 debug/SKILL.md:30 debug/SKILL.md:55-58 debug/SKILL.md:58-60 debug/SKILL.md:60-62 debug/SKILL.md:62-66 debug/SKILL.md:66-68 debug/SKILL.md:68-85 debug/SKILL.md:85-98 debug/SKILL.md:98-103 debug/SKILL.md:103-106 debug/SKILL.md:106-110 debug/SKILL.md:110-114 debug/SKILL.md:114-119 debug/SKILL.md:119-122 debug/SKILL.md:122-124 debug/SKILL.md:124-129 debug/SKILL.md:129-133 debug/SKILL.md:133-135 debug/SKILL.md:135-140 debug/SKILL.md:140-142 debug/SKILL.md:142-151 debug/SKILL.md:151-161 debug/SKILL.md:161-166 debug/SKILL.md:166-167 debug/SKILL.md:167-172 debug/SKILL.md:172-179 debug/SKILL.md:179-180 debug/SKILL.md:180-181 debug/SKILL.md:181-182 project-setup/SKILL.md:25 project-setup/SKILL.md:26 project-setup/SKILL.md:37 project-setup/SKILL.md:44 project-setup/SKILL.md:51 project-setup/SKILL.md:57 project-setup/SKILL.md:65-68 project-setup/SKILL.md:68-72 project-setup/SKILL.md:72-75 project-setup/SKILL.md:75-77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77 project-setup/SKILL.md:77-81 project-setup/SKILL.md:81-83 project-setup/SKILL.md:83-94 project-setup/SKILL.md:94-101 project-setup/SKILL.md:101-103 project-setup/SKILL.md:103-109 project-setup/SKILL.md:109 project-setup/SKILL.md:109 project-setup/SKILL.md:109 project-setup/SKILL.md:109-110 project-setup/SKILL.md:110 project-setup/SKILL.md:110-111 project-setup/SKILL.md:111-113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113 project-setup/SKILL.md:113-117 project-setup/SKILL.md:117-119 project-setup/SKILL.md:119-124 project-setup/SKILL.md:124 project-setup/SKILL.md:124-127 project-setup/SKILL.md:127-131 project-setup/SKILL.md:131 project-setup/SKILL.md:131 project-setup/SKILL.md:131 project-setup/SKILL.md:131-135 project-setup/SKILL.md:135 project-setup/SKILL.md:135-139 project-setup/SKILL.md:139 project-setup/SKILL.md:139-141 project-setup/SKILL.md:141 project-setup/SKILL.md:141-145 project-setup/SKILL.md:145-147 project-setup/SKILL.md:147-151 project-setup/SKILL.md:151-154 project-setup/SKILL.md:154-160 project-setup/SKILL.md:160 project-setup/SKILL.md:160-166 project-setup/SKILL.md:166-167 project-setup/SKILL.md:167-168 project-setup/SKILL.md:168-172 project-setup/SKILL.md:172-179 project-setup/SKILL.md:179-186 project-setup/SKILL.md:186-189 project-setup/SKILL.md:189-196 project-setup/SKILL.md:196-199 project-setup/SKILL.md:199-204 project-setup/SKILL.md:204-209 project-setup/SKILL.md:209-210 project-setup/SKILL.md:210-211 project-setup/SKILL.md:211-215 project-setup/SKILL.md:215-216 project-setup/SKILL.md:216-217 project-setup/SKILL.md:217-218 project-setup/SKILL.md:218-219 SKILL.md:13 SKILL.md:14 SKILL.md:15 SKILL.md:16 SKILL.md:59-66 SKILL.md:66-74 SKILL.md:74-75 SKILL.md:75-76 SKILL.md:76-86 SKILL.md:86-87 SKILL.md:87-90 SKILL.md:90-100 SKILL.md:100-106 SKILL.md:106-107 SKILL.md:107 SKILL.md:107-110 SKILL.md:110-121 SKILL.md:121-127 SKILL.md:127-130 SKILL.md:130-133 SKILL.md:133-134 SKILL.md:134-136 SKILL.md:136-144 SKILL.md:144-145 SKILL.md:145-146 SKILL.md:146-152 SKILL.md:152-155 SKILL.md:155-167 SKILL.md:167-171 SKILL.md:171-180 SKILL.md:180-183 SKILL.md:183-184 SKILL.md:184-185 SKILL.md:185-186 validate/SKILL.md:26 validate/SKILL.md:27 validate/SKILL.md:28 validate/SKILL.md:37 validate/SKILL.md:38 validate/SKILL.md:39 validate/SKILL.md:40 validate/SKILL.md:44 validate/SKILL.md:49-56 validate/SKILL.md:56-60 validate/SKILL.md:60-65 validate/SKILL.md:65 validate/SKILL.md:65-67 validate/SKILL.md:67-68 validate/SKILL.md:68-71 validate/SKILL.md:71-76 validate/SKILL.md:76 validate/SKILL.md:76-77 validate/SKILL.md:77-82 validate/SKILL.md:82-88 validate/SKILL.md:88-89 validate/SKILL.md:89-90 validate/SKILL.md:90-93 validate/SKILL.md:93-97 validate/SKILL.md:97-101 validate/SKILL.md:101-102 validate/SKILL.md:102-105 validate/SKILL.md:105-107 validate/SKILL.md:107-109 validate/SKILL.md:109-114 validate/SKILL.md:114-115 validate/SKILL.md:115-116 validate/SKILL.md:116 validate/SKILL.md:116-119 validate/SKILL.md:119-121 validate/SKILL.md:121-127 validate/SKILL.md:127-129 validate/SKILL.md:129-135 validate/SKILL.md:135-136 validate/SKILL.md:136 validate/SKILL.md:136-137 validate/SKILL.md:137-141 validate/SKILL.md:141-142 validate/SKILL.md:142-143 validate/SKILL.md:143-144 validate/SKILL.md:144-162 validate/SKILL.md:162-163 validate/SKILL.md:163-171 validate/SKILL.md:171-172 validate/SKILL.md:172-176 validate/SKILL.md:176-182 validate/SKILL.md:182-194 validate/SKILL.md:194-195 validate/SKILL.md:195-196 validate/SKILL.md:196-197 validate/SKILL.md:197-198
🌐 Acceso a red (10)
add-feature/SKILL.md:207 add-feature/SKILL.md:207 debug/SKILL.md:67 debug/SKILL.md:67 project-setup/SKILL.md:153 project-setup/SKILL.md:170 project-setup/SKILL.md:153 project-setup/SKILL.md:170 SKILL.md:129 SKILL.md:129
📁 Acceso al sistema de archivos (5)
add-feature/SKILL.md:63 add-feature/SKILL.md:63 debug/SKILL.md:104 debug/SKILL.md:105 project-setup/SKILL.md:141

Versión de auditoría 1

Seguro

Jan 10, 2026, 09:18 AM

Pure prompt-based skill containing only instructional Markdown. No executable code, no network calls, no file system access, no command execution. All operations require user confirmation via Claude Code's built-in mechanisms.

5
Archivos escaneados
950
Líneas analizadas
0
hallazgos
claude
Auditado por
No se encontraron problemas de seguridad
← Volver a Skill