Gamma Presentations Skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local script at scripts/gamma-generator.js to execute generation logic and handle API responses.
- [COMMAND_EXECUTION]: An --open flag is provided to automatically launch generated PDF or PowerPoint files using system-level commands, which is a standard convenience feature.
- [EXTERNAL_DOWNLOADS]: The skill communicates with public-api.gamma.app, a well-known service, to transmit content and retrieve generated document links and exports.
- [DATA_EXPOSURE]: To function, the skill reads various workspace files (e.g., README.md, project notes) and sends their content to the external Gamma service for processing.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the workspace, creating an attack surface for indirect prompt injection.
  - Ingestion points: Workspace files specified by the user or matched by triggers (e.g., README.md).
  - Boundary markers: None documented in the instruction set.
  - Capability inventory: File system read/write, network communication via API, and system command execution for opening files.
  - Sanitization: No explicit sanitization or validation of workspace content is described.
Audit Metadata