История аудитов
firebase-development-validate - 4 аудиты
Версия аудита 4
Последняя Низкий рискJun 27, 2026, 03:33 PM
Static analysis flagged many Markdown backtick spans and command examples as external command execution. Review found no executable scripts, prompt injection, network exfiltration, or malicious intent; the examples are project validation checks for Firebase code. The skill is safe to publish with low risk because it may lead an agent to run local grep, npm, and build commands in a user project.
Confirmed security concerns (2)
Capability review items (2)
These are real local capabilities that may be expected for this skill, so they require review but are not counted as confirmed malicious behavior.
Факторы риска
⚙️ Внешние команды (4)
🔑 Переменные окружения (1)
Версия аудита 3
БезопасноJan 16, 2026, 01:46 PM
This is a pure prompt-based documentation skill with no executable code. The static scanner flagged Markdown backtick syntax (for file paths, skill references, and example commands) as shell execution patterns - these are false positives. No network access, file system modifications, or actual command execution capabilities exist. The skill only provides validation guidance for Claude to follow when reviewing Firebase projects.
Факторы риска
⚙️ Внешние команды (56)
Версия аудита 2
БезопасноJan 16, 2026, 01:46 PM
This is a pure prompt-based documentation skill with no executable code. The static scanner flagged Markdown backtick syntax (for file paths, skill references, and example commands) as shell execution patterns - these are false positives. No network access, file system modifications, or actual command execution capabilities exist. The skill only provides validation guidance for Claude to follow when reviewing Firebase projects.
Факторы риска
⚙️ Внешние команды (56)
Версия аудита 1
БезопасноJan 10, 2026, 09:21 AM
This is a pure prompt-based skill with no executable code. It contains only markdown instructions for validating Firebase projects. No network access, file system modifications, or command execution capabilities.