I'm using google dialogflow to make a whatsapp chatbot. I need to access firestore which contains sensitive data in other collections. Admin sdk is usually used in cloud functions but since it can access any collection in firestore with ease, i wanted to know if it is safe to use it or should i opt for a different option such as firebase client sdk.
Dialogflow is linked to a third party service (QuickWork) which links my bot to Gupshup to use the whatsapp business api.
You're supposed to use backend SDKs, such as the Firebase Admin SDK, in Cloud Functions (which is considered a backend). The web client SDKs are not really designed for backends, and there is not much of an advantage of using them over the the backend options. The client SDKs are used in client apps when you need the currently authenticated user to have restricted access according to security rules.
There is nothing really "unsafe" about the admin SDK. It's only as safe as the code you write that uses it.