didit-liveness-detection
Audited by Socket on Mar 3, 2026
1 alert found:
Malware

This skill document is an API integration guide for Didit's passive liveness endpoint. It contains no signs of obfuscated or embedded malware, no download-execute supply-chain patterns, and no hidden credential-harvesting redirects. The main security considerations are privacy and credential handling: (1) sensitive biometric images are uploaded to an external service and may be stored by default (save_api_request true), (2) the DIDIT_API_KEY is required and must be treated as a secret, and (3) integrators must verify the Didit domains and compliance posture before sending PII. Overall the content is functionally consistent with its stated purpose (liveness verification) and does not appear malicious, but it carries moderate privacy and data-exposure risk that should be managed by design and operational controls.