gamma-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or credential safety issues were identified in the skill instructions or provided code snippets. The skill processes user-provided content which is sent to an external API (Gamma). While this presents a surface for indirect prompt injection where malicious input could influence generated content, the skill functions as intended by design and does not perform automated actions on untrusted output.
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Gamma API (public-api.gamma.app) to perform its intended functions and references official developer documentation for legitimate integration purposes.
- [DATA_EXFILTRATION]: The skill transmits user-provided text prompts and API keys (via environment variables) to the Gamma platform. This data transmission is the primary purpose of the skill and is directed to the official service endpoint.
Audit Metadata