didit-database-validation

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill collects and transmits sensitive identity data (ID numbers, names) to the vendor's API at verification.didit.me. This is the intended behavior for identity verification.
  • [CREDENTIALS_UNSAFE]: The skill uses an environment variable (DIDIT_API_KEY) for authentication. No hardcoded keys or secrets are present.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user data via command-line arguments. Ingestion points: scripts/validate_database.py. Boundary markers: None. Capability inventory: Network requests (POST) to verification.didit.me. Sanitization: None. The risk is evaluated as safe given the data is used for structured API parameters.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Uses the standard 'requests' package for networking. No remote execution patterns found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 06:44 AM