didit-face-match
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with official Didit domains (didit.me) to perform face matching, authentication, and billing checks. These are vendor-owned resources required for the core functionality of the skill.
- [CREDENTIALS_UNSAFE]: API authentication is managed using the DIDIT_API_KEY environment variable. This is a standard and recommended practice for protecting secrets in agent skills, and no hardcoded credentials were found.
- [COMMAND_EXECUTION]: The Python script (scripts/match_faces.py) uses the argparse and requests libraries to process user input and interact with the API. It does not use any unsafe functions like eval() or subprocess.run(shell=True).
Audit Metadata