google-slides
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection because it reads untrusted slide content and has the capability to modify presentations. \n
- Ingestion points: The
get-textcommand extracts all text from potentially attacker-controlled Google Slides (File: SKILL.md). \n - Boundary markers: No delimiters or safety instructions are defined to separate ingested content from system instructions. \n
- Capability inventory: The skill has extensive write permissions including
create,add-slide,replace-text, andbatch-update(File: SKILL.md). \n - Sanitization: No evidence of data sanitization or input validation for presentation content. \n- [NO_CODE] (SAFE): The core implementation scripts (
scripts/auth.pyandscripts/slides.py) are referenced but not included in the provided files. Analysis is based on the documentation and requirements.
Audit Metadata