google-slides-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's slides_skill.py explicitly fetches and parses user-generated comments via drive.comments().list (see cmd_comments and the "comments" command in SKILL.md), ingesting arbitrary third-party comment content and quotedFileContent which the agent may read and act on (e.g., resolving comments or making edits), so untrusted content can materially influence actions.