gslides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external URLs and user-provided Google Slides (Step 1 "Content sources: reports..., URLs", Step 2 use of user-provided Google Slides via mcp__google-slides__get_presentation) and the graphics-delegation requires passing "Sources: paths to reports, docs, or URLs" for subagents to read and act on, so untrusted third‑party content can be read and can influence subsequent tool calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.75). The skill explicitly reads external files at runtime via the Figma and Google Slides MCPs (e.g., https://www.figma.com/design/D7NDSM2peo1iLhkjLxmGP5/Inkeep-Design-Assetts and https://docs.google.com/presentation/d/17MAbcMEVNT1jcD1VRtF9h0gTTsmIoUtokekWEgoR3Rk), and those fetched assets/slide content are passed into subagent prompts and used to drive generation/behavior, so they constitute runtime external content that directly controls agent prompts.