didit-aml-screening

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt demonstrates and instructs embedding API keys and plaintext passwords directly into headers/requests and example commands (e.g., x-api-key header, export DIDIT_API_KEY, and a plaintext registration password/OTP), which requires the LLM to handle or reproduce secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill calls the Didit AML API and ingests its watchlist/adverse-media results (see the Response examples and "Response Field Reference", which show adverse_media_matches with headline, summary, source_url). The Common Workflows explicitly instruct the agent to read hits[] and use them to determine "Approved/In Review/Rejected", so untrusted public third-party content can materially influence decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes a specific billing API: POST /v3/billing/top-up/ with {"amount_in_dollars": ...} which is used to create a Stripe checkout link (explicitly mentions Stripe). This is a payment-specific endpoint (not a generic HTTP caller or browser automation) that initiates a money/top-up flow via a payment gateway, so it qualifies as direct financial execution capability.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 11, 2026, 06:44 AM