gamma-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate integration with the Gamma AI platform for document and presentation generation.
- [CREDENTIALS_UNSAFE]: While the skill uses an API key (
sk-gamma-xxxxxxxx), it follows secure practices by instructing the user to store it in a localconfig.jsonfile inside the skill's directory rather than hardcoding it in the script or environment variables. - [COMMAND_EXECUTION]: The skill uses standard Python subprocess execution for its operations. No arbitrary or dangerous shell command execution was found.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Gamma API (
public-api.gamma.app) via HTTPS using the Python standard libraryurllib. These network operations are necessary for the skill's primary function and target a well-known service. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied text to generate presentations. While this is an ingestion point for untrusted data, the data is sent to the Gamma API as structured content rather than being executed locally. Standard LLM safety guidelines on the provider side apply.
Audit Metadata