google-slides
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The script implements secure credential management by utilizing the system keyring to store and retrieve OAuth 2.0 tokens. It avoids hardcoding secrets, instead requiring users to provide client IDs and secrets through environment variables or local configuration files.
- [EXTERNAL_DOWNLOADS]: Dependencies are restricted to well-known, official Google client libraries and standard Python packages for configuration and security. All API interactions are directed to official Google endpoints.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it can read and extract text content from existing slides. An attacker could place malicious instructions inside a presentation that the agent might follow upon reading it.
  - Ingestion points: The read_presentation_content function in scripts/google-slides.py extracts raw text from all slide elements.
  - Boundary markers: Extracted slide content is delimited by simple text headers like '--- Slide N ---'.
  - Capability inventory: The skill can create, delete, and modify slide content, as well as export data to the local file system as PDF.
  - Sanitization: The script does not perform any sanitization or filtering of the extracted slide text before returning it to the agent context.
Audit Metadata