google-slides
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding OAuth client_id/client_secret in plaintext files and passing --client-secret on the command line, which requires the LLM or user-facing agent to handle and emit secret values verbatim, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly reads arbitrary presentation content via the presentations read / presentations get functionality in scripts/google-slides.py (extracting slide text/tables) and also accepts arbitrary public image URLs via images create. It therefore ingests user-generated/third-party content from Google Slides and public URLs, which could carry indirect prompt injections.
Audit Metadata