didit-kyc-onboarding

Fail

Audited by Socket on Mar 11, 2026

1 alert found:

Malware: HIGH
SKILL.md

The skill's footprint is largely coherent with its purpose: it provides a Didit-based flow for KYC workflow creation, session generation, and decision retrieval. However, there are notable security and privacy gaps in the documentation: exposed API keys in examples, lack of explicit secret management guidance, incomplete data-protection details (encryption, access controls, webhook validation), and potential exposure of PII/biometrics in logs or outputs. The use of external API keys and webhooks is standard but warrants rigorous security practices. Overall, the skill is BEARABLE as a legitimate integration, but has elevated risk due to credential exposure in samples and insufficient data-security guidance. Treat as SUSPICIOUS to HIGH-RISK until security best practices are clearly documented and enforced in usage guidelines.

Confidence: 98%
Severity: 55%

Audit Metadata
Analyzed At: Mar 11, 2026, 06:45 AM
Package URL: pkg:socket/skills-sh/didit-protocol%2Fskills%2Fdidit-kyc-onboarding%2F@19c877b3d46ae7575339d42e18f5f0288cd8308e