gslides
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to run a local setup script (./secrets/setup.sh) to register the figma and google-slides MCP servers and pull Google OAuth credentials from a vendor-managed 1Password account (inkeep.1password.com).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources to populate slide content and generate visual assets.
  - Ingestion points: The workflow reads documents from ~/reports/, retrieves content from user-provided Google Slides URLs, and processes external URLs or documents mentioned in the prompt.
  - Boundary markers: There are no explicit instructions or delimiters used to separate the ingested source content from the agent's instructions, nor warnings to ignore embedded commands.
  - Capability inventory: The skill possesses significant capabilities including the ability to create, modify, and style presentations via the google-slides MCP server, read design data via the figma MCP server, and spawn subagents via the Agent tool.
  - Sanitization: No sanitization, validation, or escaping of the ingested data is performed before it is used to write slide content or passed to graphics subagents.
Audit Metadata