gamma-sdk-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls the public Gamma REST API (e.g., https://public-api.gamma.app/v1.0/ POST /v1.0/generations and GET /v1.0/generations/{id} as shown in lib/gamma.ts and the pollUntilDone/generateAndWait workflow) and ingests those external, potentially user-generated responses which the agent reads and uses to drive behavior (status-based polling, returning URLs/files), exposing it to untrusted third-party content that could influence actions.