Firebase functions unvalidated input to sensitive sinks

Detects instances where untrusted input from various sources (HTTP requests, database triggers, storage events, Pub/Sub messages, authentication triggers) flows into sensitive operations (sinks) without proper validation or sanitization. This can lead to injection attacks (NoSQLi, XSS, Command Injection) or data integrity issues.