didit-kyc-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly creates sessions and polls Didit's public API for verification results (see SKILL.md "Step 3: Get the Decision" and scripts/run_kyc.py get_decision/poll_decision calling GET https://verification.didit.me/v3/session/{sessionId}/decision/), which returns user-submitted/untrusted ID and selfie data that the agent reads and uses to approve/decline or take other actions, so third-party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit billing/payment endpoints (GET /v3/billing/balance/ and POST /v3/billing/top-up/ with {"amount_in_dollars": ..."} to produce a Stripe checkout link). This is a specific payment gateway integration (Stripe) rather than a generic API caller or browser automation, so it constitutes direct financial execution capability.