From fc76a50b74bb5907f61d84f827d5d00fee6d2feb Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 13 May 2026 08:36:49 +0000
Subject: [PATCH 1/4] chore(deps): update firebase/agent-skills digest to
 02c0a61

---
 skills/developing-genkit-dart/spec.yaml          | 2 +-
 skills/developing-genkit-go/spec.yaml            | 2 +-
 skills/developing-genkit-js/spec.yaml            | 2 +-
 skills/firebase-ai-logic-basics/spec.yaml        | 2 +-
 skills/firebase-app-hosting-basics/spec.yaml     | 2 +-
 skills/firebase-auth-basics/spec.yaml            | 2 +-
 skills/firebase-basics/spec.yaml                 | 2 +-
 skills/firebase-data-connect-basics/spec.yaml    | 2 +-
 skills/firebase-firestore/spec.yaml              | 2 +-
 skills/firebase-hosting-basics/spec.yaml         | 2 +-
 skills/firebase-security-rules-auditor/spec.yaml | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/skills/developing-genkit-dart/spec.yaml b/skills/developing-genkit-dart/spec.yaml
index c11f1e9..386a964 100644
--- a/skills/developing-genkit-dart/spec.yaml
+++ b/skills/developing-genkit-dart/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"  # main as of 2026-04-15
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"  # main as of 2026-04-15
   path: "skills/developing-genkit-dart"
   version: "0.1.1"
 
diff --git a/skills/developing-genkit-go/spec.yaml b/skills/developing-genkit-go/spec.yaml
index 7c232ae..e3cdfc3 100644
--- a/skills/developing-genkit-go/spec.yaml
+++ b/skills/developing-genkit-go/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/developing-genkit-go"
   version: "0.1.1"
 
diff --git a/skills/developing-genkit-js/spec.yaml b/skills/developing-genkit-js/spec.yaml
index 23ad0f7..de30d60 100644
--- a/skills/developing-genkit-js/spec.yaml
+++ b/skills/developing-genkit-js/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/developing-genkit-js"
   version: "0.1.1"
 
diff --git a/skills/firebase-ai-logic-basics/spec.yaml b/skills/firebase-ai-logic-basics/spec.yaml
index 64c6287..d9d2913 100644
--- a/skills/firebase-ai-logic-basics/spec.yaml
+++ b/skills/firebase-ai-logic-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-ai-logic-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-app-hosting-basics/spec.yaml b/skills/firebase-app-hosting-basics/spec.yaml
index 06d3229..710e41e 100644
--- a/skills/firebase-app-hosting-basics/spec.yaml
+++ b/skills/firebase-app-hosting-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-app-hosting-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-auth-basics/spec.yaml b/skills/firebase-auth-basics/spec.yaml
index a6bff8b..13fefb9 100644
--- a/skills/firebase-auth-basics/spec.yaml
+++ b/skills/firebase-auth-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-auth-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-basics/spec.yaml b/skills/firebase-basics/spec.yaml
index 5d28a10..76c72f5 100644
--- a/skills/firebase-basics/spec.yaml
+++ b/skills/firebase-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-data-connect-basics/spec.yaml b/skills/firebase-data-connect-basics/spec.yaml
index f542bd6..3dadb05 100644
--- a/skills/firebase-data-connect-basics/spec.yaml
+++ b/skills/firebase-data-connect-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-data-connect-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-firestore/spec.yaml b/skills/firebase-firestore/spec.yaml
index 52d1cc1..2400b85 100644
--- a/skills/firebase-firestore/spec.yaml
+++ b/skills/firebase-firestore/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-firestore"
   version: "0.2.0"
 
diff --git a/skills/firebase-hosting-basics/spec.yaml b/skills/firebase-hosting-basics/spec.yaml
index ec799a4..b040217 100644
--- a/skills/firebase-hosting-basics/spec.yaml
+++ b/skills/firebase-hosting-basics/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-hosting-basics"
   version: "0.1.1"
 
diff --git a/skills/firebase-security-rules-auditor/spec.yaml b/skills/firebase-security-rules-auditor/spec.yaml
index edc7028..c0d4e23 100644
--- a/skills/firebase-security-rules-auditor/spec.yaml
+++ b/skills/firebase-security-rules-auditor/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/firebase/agent-skills"
-  ref: "c3bb9d52cc672839274599dce0acbc5b654fa3ce"
+  ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-security-rules-auditor"
   version: "0.1.1"
 

From 6affa0338355e4055c9ec8805c094d74cb5d6ba6 Mon Sep 17 00:00:00 2001
From: "toolhive-release-app[bot]"
 <280093410+toolhive-release-app[bot]@users.noreply.github.com>
Date: Wed, 13 May 2026 08:37:41 +0000
Subject: [PATCH 2/4] chore(skills): bump spec.version for
 developing-genkit-dart,developing-genkit-go,developing-genkit-js,firebase-ai-logic-basics,firebase-app-hosting-basics,firebase-auth-basics,firebase-basics,firebase-data-connect-basics,firebase-firestore,firebase-hosting-basics,firebase-security-rules-auditor

---
 skills/developing-genkit-dart/spec.yaml          | 2 +-
 skills/developing-genkit-go/spec.yaml            | 2 +-
 skills/developing-genkit-js/spec.yaml            | 2 +-
 skills/firebase-ai-logic-basics/spec.yaml        | 2 +-
 skills/firebase-app-hosting-basics/spec.yaml     | 2 +-
 skills/firebase-auth-basics/spec.yaml            | 2 +-
 skills/firebase-basics/spec.yaml                 | 2 +-
 skills/firebase-data-connect-basics/spec.yaml    | 2 +-
 skills/firebase-firestore/spec.yaml              | 2 +-
 skills/firebase-hosting-basics/spec.yaml         | 2 +-
 skills/firebase-security-rules-auditor/spec.yaml | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/skills/developing-genkit-dart/spec.yaml b/skills/developing-genkit-dart/spec.yaml
index 386a964..24a8c70 100644
--- a/skills/developing-genkit-dart/spec.yaml
+++ b/skills/developing-genkit-dart/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"  # main as of 2026-04-15
   path: "skills/developing-genkit-dart"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/developing-genkit-go/spec.yaml b/skills/developing-genkit-go/spec.yaml
index e3cdfc3..1561ad9 100644
--- a/skills/developing-genkit-go/spec.yaml
+++ b/skills/developing-genkit-go/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/developing-genkit-go"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/developing-genkit-js/spec.yaml b/skills/developing-genkit-js/spec.yaml
index de30d60..b49a0d4 100644
--- a/skills/developing-genkit-js/spec.yaml
+++ b/skills/developing-genkit-js/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/developing-genkit-js"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-ai-logic-basics/spec.yaml b/skills/firebase-ai-logic-basics/spec.yaml
index d9d2913..4486a69 100644
--- a/skills/firebase-ai-logic-basics/spec.yaml
+++ b/skills/firebase-ai-logic-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-ai-logic-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-app-hosting-basics/spec.yaml b/skills/firebase-app-hosting-basics/spec.yaml
index 710e41e..4d41fb7 100644
--- a/skills/firebase-app-hosting-basics/spec.yaml
+++ b/skills/firebase-app-hosting-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-app-hosting-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-auth-basics/spec.yaml b/skills/firebase-auth-basics/spec.yaml
index 13fefb9..11c06b8 100644
--- a/skills/firebase-auth-basics/spec.yaml
+++ b/skills/firebase-auth-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-auth-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-basics/spec.yaml b/skills/firebase-basics/spec.yaml
index 76c72f5..fce883c 100644
--- a/skills/firebase-basics/spec.yaml
+++ b/skills/firebase-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-data-connect-basics/spec.yaml b/skills/firebase-data-connect-basics/spec.yaml
index 3dadb05..c7685aa 100644
--- a/skills/firebase-data-connect-basics/spec.yaml
+++ b/skills/firebase-data-connect-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-data-connect-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-firestore/spec.yaml b/skills/firebase-firestore/spec.yaml
index 2400b85..827c6b3 100644
--- a/skills/firebase-firestore/spec.yaml
+++ b/skills/firebase-firestore/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-firestore"
-  version: "0.2.0"
+  version: "0.2.1"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-hosting-basics/spec.yaml b/skills/firebase-hosting-basics/spec.yaml
index b040217..d6d8f50 100644
--- a/skills/firebase-hosting-basics/spec.yaml
+++ b/skills/firebase-hosting-basics/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-hosting-basics"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"
diff --git a/skills/firebase-security-rules-auditor/spec.yaml b/skills/firebase-security-rules-auditor/spec.yaml
index c0d4e23..1f91b90 100644
--- a/skills/firebase-security-rules-auditor/spec.yaml
+++ b/skills/firebase-security-rules-auditor/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/firebase/agent-skills"
   ref: "02c0a61889121567a9335285eddcf62aa99a2a7c"
   path: "skills/firebase-security-rules-auditor"
-  version: "0.1.1"
+  version: "0.1.2"
 
 provenance:
   repository_uri: "https://github.com/firebase/agent-skills"

From 696b54d525c213560b8b9f17e56ccec77ed7a72e Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <ozz@stacklok.com>
Date: Wed, 3 Jun 2026 09:55:45 +0300
Subject: [PATCH 3/4] fix(firebase-skills): allowlist skill-scanner false
 positives for 02c0a61

The firebase/agent-skills digest bump to 02c0a61 trips cisco-ai-skill-scanner
ATR_2026_* rules on benign reference documentation. All blocking findings are
false positives (word-fragment/substring matches on docs prose, GraphQL/SQL
code examples, SDK API names, emulator IPs, and a documented MCP server config).
Suppress the exact blocking rule_ids per skill via security.allowed_issues.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 skills/developing-genkit-dart/spec.yaml       |  4 +++
 skills/firebase-data-connect-basics/spec.yaml | 29 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/skills/developing-genkit-dart/spec.yaml b/skills/developing-genkit-dart/spec.yaml
index 24a8c70..ed629b9 100644
--- a/skills/developing-genkit-dart/spec.yaml
+++ b/skills/developing-genkit-dart/spec.yaml
@@ -31,3 +31,7 @@ security:
         instruction text, not an MCP tool response. The host (cli.genkit.dev)
         is the official Google Genkit installer endpoint. Verified at digest
         30bcb303e56f5d39f2d3c4214b53821adfb5b65c.
+    # FP: cisco-ai-skill-scanner matched a legitimate MCP server config example
+    # in reference documentation; no executable threat. firebase/agent-skills @02c0a61.
+    - rule_id: ATR_2026_00002
+      reason: "FP: cisco-ai-skill-scanner matched a documented MCP server config example ['-y', '@modelcontextprotocol/server-filesystem', '.'] in references/genkit_mcp.md; no executable threat. firebase/agent-skills @02c0a61."
diff --git a/skills/firebase-data-connect-basics/spec.yaml b/skills/firebase-data-connect-basics/spec.yaml
index c7685aa..5464ce3 100644
--- a/skills/firebase-data-connect-basics/spec.yaml
+++ b/skills/firebase-data-connect-basics/spec.yaml
@@ -21,3 +21,32 @@ security:
   allowed_issues:
     - rule_id: MANIFEST_MISSING_LICENSE
       reason: "firebase/agent-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter."
+    # cisco-ai-skill-scanner ATR_2026_* findings below are false positives: the
+    # scanner matched word fragments and code/SQL/GraphQL examples in benign
+    # reference documentation (e.g. "Deploy", "exec" from execute/Exec,
+    # "subscribe()", GraphQL var syntax $id, emulator IPs 10.0.2.2/127.0.0.1,
+    # markdown headers). No executable threat. firebase/agent-skills @02c0a61.
+    - rule_id: ATR_2026_00004
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose (markdown headers like '# Admin', '### Configuration'); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00010
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose/code examples (GraphQL operation/filter descriptions, 'default' branch text); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00012
+      reason: "FP: cisco-ai-skill-scanner matched GraphQL/SQL example syntax (named variables $id/$key, UPDATE/DELETE example statements); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00013
+      reason: "FP: cisco-ai-skill-scanner matched local emulator addresses in docs (10.0.2.2, 127.0.0.1:9399); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00040
+      reason: "FP: cisco-ai-skill-scanner matched word fragments 'exec'/'Exec' (from execute/Exec) and 'deploy'/'Deploy' in documentation; no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00051
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose ('for each'); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00063
+      reason: "FP: cisco-ai-skill-scanner matched documentation identifiers ('exFil' word fragment, 'SendMessage'); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00066
+      reason: "FP: cisco-ai-skill-scanner matched documentation code-fence markers ('`bash') and template-literal example syntax (${...}); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00088
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose/code examples; no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00111
+      reason: "FP: cisco-ai-skill-scanner matched SDK API method names in docs ('subscribe()', 'execute()', 'executeQuery', 'id: UUID!'); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00140
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose ('Reverse'); no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00161
+      reason: "FP: cisco-ai-skill-scanner matched documentation prose/code examples; no executable threat. firebase/agent-skills @02c0a61."

From d554de92aef2a73ebbdc5439635844beb184aefe Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <ozz@stacklok.com>
Date: Wed, 3 Jun 2026 10:02:52 +0300
Subject: [PATCH 4/4] fix(developing-genkit-dart): allowlist ATR_2026_00111 for
 Genkit CLI installer

Updated cisco-ai-skill-scanner rule pack now also fires ATR_2026_00111
(CRITICAL) on the '| bash' fragment of the official Genkit CLI installer
`curl -sL cli.genkit.dev | bash` documented as a prerequisite (SKILL.md:17).
Same benign root cause as the existing PIPELINE_TAINT_FLOW allowlist entry.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 skills/developing-genkit-dart/spec.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/skills/developing-genkit-dart/spec.yaml b/skills/developing-genkit-dart/spec.yaml
index ed629b9..fb43b90 100644
--- a/skills/developing-genkit-dart/spec.yaml
+++ b/skills/developing-genkit-dart/spec.yaml
@@ -35,3 +35,11 @@ security:
     # in reference documentation; no executable threat. firebase/agent-skills @02c0a61.
     - rule_id: ATR_2026_00002
       reason: "FP: cisco-ai-skill-scanner matched a documented MCP server config example ['-y', '@modelcontextprotocol/server-filesystem', '.'] in references/genkit_mcp.md; no executable threat. firebase/agent-skills @02c0a61."
+    - rule_id: ATR_2026_00111
+      reason: |
+        FP: same root cause as PIPELINE_TAINT_FLOW / ATR_MCP_MALICIOUS_RESPONSE
+        above - cisco-ai-skill-scanner matched the '| bash' fragment of the
+        official Genkit CLI installer `curl -sL cli.genkit.dev | bash` cited as
+        a documented prerequisite (SKILL.md:17). The host (cli.genkit.dev) is
+        the official Google Genkit installer endpoint. Hard-coded skill
+        instruction text, not an executable threat. firebase/agent-skills @02c0a61.