generating-google-slides
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it transforms untrusted user input (like meeting notes or proposals) into structured data for script execution.
  - Ingestion points: As described in Step 1 of `INSTRUCTIONS.md`, the skill accepts free-form text as the primary source for slide generation.
  - Boundary markers: The skill does not define or use explicit delimiters (e.g., markers or tags) to isolate the untrusted user input from the model's operational instructions, which may allow embedded commands to be interpreted as system directives.
  - Capability inventory: The resulting `slideData` is used in a Google Apps Script that has the capability to create, remove, and modify slides via the `SlidesApp` API.
  - Sanitization: While the instructions require the model to escape backticks and newlines for JavaScript compatibility, there are no sanitization steps to filter or ignore potentially malicious instructions embedded in the input content.
Audit Metadata