didit-liveness-detection
Audited by Socket on Mar 11, 2026
1 alert found:
Malware
The skill aligns with its stated purpose of performing passive liveness verification via a remote API and returning structured biometric confidence data. It uses standard API-based interactions with explicit credentials and uploads biometric data to a third-party service, which is expected for this capability. The footprint is proportionate to the purpose but introduces significant privacy/security considerations around biometric data, data retention, and external data transfers. No unverifiable binaries or obvious credential-forwarding vectors are present. The overall risk is moderate with privacy/data-exfiltration concerns; ensure robust consent, data handling policies, and secure key management. SecurityRisk should be treated as MEDIUM to HIGH given biometric data handling, with malware near zero unless Didit API usage is abused.