google-slides-automation

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on local Python scripts (scripts/auth.py and scripts/slides.py) to perform all actions. These scripts are executed via the command line. Because the source code for these scripts is not included in the provided skill definition, their behavior and any potential malicious commands they might execute cannot be audited.
  • [CREDENTIALS_UNSAFE]: The documentation indicates that OAuth tokens are refreshed using a "cloud function." Standard OAuth implementations for Google services communicate directly with Google's authentication servers. Using an intermediary cloud function for token management is a non-standard practice that could allow a third party to intercept or harvest sensitive authentication credentials.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Google Slides, which creates an indirect prompt injection surface.
  • Ingestion points: The get-text command extracts all text content from a presentation (shapes, text boxes, and tables) and feeds it into the agent's context.
  • Boundary markers: No boundary markers or "ignore embedded instructions" warnings are used when processing the retrieved text.
  • Capability inventory: The skill has extensive capabilities, including creating, modifying, and deleting presentation content, and executing shell commands via the included Python scripts.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the Slides API before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 12:16 PM
Security Audit — agent-trust-hub — google-slides-automation