interhuman-stream

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill creates a direct injection surface by proxying untrusted external data.
      • Ingestion point: WebSocket messages from wss://api.interhuman.ai/v0/stream/analyze in SKILL.md.
      • Boundary markers: None; the skill fails to use delimiters or instructions to treat the API output as data rather than instructions.
      • Capability inventory: Designed for AI agents that possess broader tool-use and decision-making capabilities.
      • Sanitization: Explicitly prohibited by rules requiring the agent to 'relay all WebSocket messages exactly as received' and 'NOT modify, transform, or filter messages'.
  • [Data Exfiltration] (LOW): The skill performs network operations to api.interhuman.ai, which is not on the trusted domain whitelist. It transmits video stream segments and bearer tokens to this external endpoint. While functional, the lack of sanitization means any sensitive data included in the API's verbatim responses will be exposed to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:08 PM