google-slides
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Detected surface for Indirect Prompt Injection (Category 8). \n
- Ingestion points: The
read_slideoperation inslides_operations.pyreads content from external presentations into the agent's context, andadd-imageaccepts external URLs. \n - Boundary markers: No boundary markers or delimiters are specified in the skill instructions to distinguish between the agent's system instructions and data retrieved from slides. \n
- Capability inventory: The skill possesses the capability to modify cloud resources via the Google Slides API and write files to the local system using the
exportfunction, providing a potential side-effect path for injection attacks. \n - Sanitization: No sanitization or verification procedures for external content are documented within the skill files. \n- EXTERNAL_DOWNLOADS (SAFE): Recommends the installation of official Google authentication and API libraries from trusted registries. \n- COMMAND_EXECUTION (SAFE): Uses local Python scripts for slide operations via standard command-line interfaces, which is expected behavior for this skill type.
Audit Metadata