google-slides-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent fetches and ingests Google Slides content (e.g., "python scripts/slides.py get-text", "find", and "get-metadata") from user/third-party presentations on Google Drive, which are user-generated/untrusted content that the skill reads and can drive edits (replace-text, batch-update), so external slide content could indirectly inject instructions affecting actions.