gws-slides
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading external data from Google Slides presentations. Malicious instructions embedded within slides could potentially influence the agent's behavior during processing.
- Ingestion points: Presentation data is retrieved using the
presentations.getmethod inSKILL.md. - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions to separate presentation content from system commands.
- Capability inventory: The skill has the capability to execute shell commands via the
gwsbinary to perform API actions. - Sanitization: The skill does not describe any sanitization or validation processes for the data fetched from the Slides API.
- [COMMAND_EXECUTION]: The skill executes the
gwscommand-line utility to perform its core functions. This behavior is expected as it is a vendor-provided tool for managing Google Workspace resources.
Audit Metadata