google-slides-automation
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
NO_CODE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The skill depends on scripts/auth.py and scripts/slides.py for all operations, but these files are missing from the package, making it impossible to perform a complete security audit.
- [DATA_EXFILTRATION]: The documentation states that OAuth tokens are refreshed through a 'cloud function' rather than directly with Google's endpoints. This non-standard implementation introduces a significant risk of credential interception or exfiltration by an external service.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection.
  1. Ingestion points: The get-text command in scripts/slides.py imports untrusted text content from presentations.
  2. Boundary markers: No delimiters are used to isolate slide data from the agent context.
  3. Capability inventory: The skill has broad permissions to create, replace text, and delete slides.
  4. Sanitization: No sanitization or filtering of retrieved slide content is mentioned or evident.
- [COMMAND_EXECUTION]: The setup and usage instructions require the execution of unverified local Python scripts for authentication and slide management tasks.