terra-auth

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded Terra API credentials for multiple environments including production.
      • Evidence: The file SKILL.md contains explicit dev_id and api_key values for testing, staging, and production environments (e.g., botaniqalmedtech-prod-yrc99AwsT2).
      • Impact: Anyone with access to the skill can authenticate as the 'botaniqalmedtech' entity, potentially accessing sensitive health data or modifying integrations.
  • [DATA_EXFILTRATION] (HIGH): The skill documentation encourages and provides code for accessing sensitive local credential files.
      • Evidence: Code snippets explicitly read from .env.terra.production and .env.terra.staging using load_dotenv.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill exposes an attack surface by accepting unvalidated external URLs and reference IDs that are passed to the Terra API.
      • Ingestion points: generate_widget_session function in SKILL.md.
      • Boundary markers: None present.
      • Capability inventory: Makes network requests to api.tryterra.co via the terra SDK.
      • Sanitization: No evidence of URL validation or input escaping before passing data to the SDK.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:16 AM