Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/gamma-migration-deep-dive/Gen Agent Trust Hub

gamma-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Node.js scripts for migration logic and file system operations.
  • [DATA_EXFILTRATION]: Local presentation files are read and uploaded to the Gamma platform's API (gamma.app) as part of the intended migration process.
  • [EXTERNAL_DOWNLOADS]: The scripts depend on several external Node.js packages including @gamma/sdk, googleapis, jszip, xml2js, and p-queue.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill ingests unvalidated metadata (title, creator) from source PowerPoint files (lib/powerpoint-migrator.ts). It lacks boundary markers and sanitization when interpolating this data into API requests, while possessing significant capabilities like command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 01:06 AM