didit-phone-verification
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its associated Python script communicate exclusively with verified vendor domains (verification.didit.me and apx.didit.me) for OTP verification services.
- [SAFE]: Sensitive information is handled using the environment variable DIDIT_API_KEY, following security best practices for credential management and avoiding hardcoded secrets.
- [SAFE]: No obfuscation, prompt injection, or persistence mechanisms were detected in the skill instructions or the implementation scripts.
- [SAFE]: The skill exhibits an indirect prompt injection surface through the processing of user-provided phone numbers and codes; however, these are handled as structured JSON data and transmitted via standard HTTP requests, presenting no identifiable risk of command or instruction injection.
Audit Metadata