google-slides-review
Use this skill at the end of a Google Slides deck-creation flow run by the same agent in the current session, before reporting the finished URL to the user. Catches the failure modes a creating agent reliably misses — surviving placeholder text, unswapped template imagery, layout overflow, hidden-original leaks. Trigger when the parent google-slides workflow reaches Step 9 / QA, or when the user asks "is this deck ready?" / "QA my deck" about a deck this agent itself just edited. Do NOT trigger for reviewing decks the agent did not create — without the Step 5 pre-fill snapshot the leak check silently degrades and the result is misleading.
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Security
1 high severity finding. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs sub-agents to read slide text/thumbnails and return one-sentence verbatim quotes (including byte-for-byte pattern vs filled text), so any secrets present in slides would be reproduced in the agent's output.
- Repository
- treasure-data/td-skills
- Commit
79bb9b8
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.