google-slides-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly reads and writes arbitrary Google Slides presentations (see SKILL.md commands like scripts/slides.py get-text, find, get-metadata, replace-text, batch-update), meaning it ingests user-generated Google Slides content that the agent is expected to interpret and that can materially influence subsequent actions, so it could enable indirect prompt injection.