Skills
skills/didit-protocol/didit-agent-skills/didit-id-document-verification/Gen Agent Trust Hub

didit-id-document-verification

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to verify identity documents by communicating with the author's official API endpoints. No malicious patterns such as obfuscation, persistence, or privilege escalation were detected.
  • [EXTERNAL_DOWNLOADS]: The script scripts/verify_id.py performs network requests to https://verification.didit.me. These operations target the vendor's own infrastructure and are necessary for the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: API keys are correctly managed via the DIDIT_API_KEY environment variable. The documentation provides placeholders rather than hardcoded secrets.
  • [PROMPT_INJECTION]: The skill extracts text from identity documents via OCR, creating an indirect prompt injection surface.
  • Ingestion points: front_image and back_image parameters in scripts/verify_id.py.
  • Boundary markers: Absent; raw OCR data is returned in the JSON response.
  • Capability inventory: Network operations via requests.post to the Didit API.
  • Sanitization: None; data is extracted and returned as provided by the document and OCR engine.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 05:21 AM