google-slides-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data that could contain malicious instructions.
- Ingestion points: The
commentscommand inslides_skill.pyfetches comment content, author names, and replies from the Google Drive API. - Boundary markers: The script does not use delimiters or provide instructions to the agent to treat the retrieved comment content as untrusted data.
- Capability inventory: The skill has the ability to write files to the local system (via
export), modify/delete Slides content, and has access to the high-privilegeBashtool as defined inSKILL.md. - Sanitization: External comment content is printed directly as JSON without sanitization or escaping.
- [CREDENTIALS_UNSAFE]: The script implements a shared authentication strategy that involves accessing sensitive files in other directories.
- Evidence: The
get_credentials_filefunction inslides_skill.pyattempts to readcredentials.jsonfrom~/.claude/skills/gmail-skill/and~/.claude/skills/google-sheets-skill/if local credentials are missing. While this facilitates a 'suite' experience for the user, it involves accessing sensitive authentication data outside the skill's own directory.
Audit Metadata