interhuman-authentication
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill is designed to handle and transmit sensitive authentication credentials (
key_id,key_secret). These secrets are sent via POST request to an external domain (api.interhuman.ai) that is not on the trusted source whitelist. This represents a risk of credential exposure if the agent logs or improperly handles the input parameters. - [Indirect Prompt Injection] (MEDIUM): The skill provides an ingestion surface for untrusted data (credentials and scopes) which are used to perform a network operation that results in a high-privilege artifact (a Bearer access token). There are no explicit boundary markers or sanitization steps mentioned for the input data, and the resulting token grants the agent further capabilities to interact with Interhuman's processing APIs.
Audit Metadata