didit-verification-management

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit flows and code that fetch, print, and embed API keys, bearer tokens, and webhook secrets (e.g., assigning resp.json()["application"]["api_key"], printing api_key, returning secret_shared_key), which requires the agent to read and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches and programmatically reads untrusted, user-generated verification results (including images/metadata) from the Didit API. For example, SKILL.md and the scripts call GET /v3/session/{sessionId}/decision/ (including get_decision in scripts/create_session.py) and then use those results to drive actions such as PATCH update-status and POST /v3/blocklist/, so third-party user content can directly influence decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit billing/payment endpoints and a direct integration with Stripe. It provides GET /v3/billing/balance/ (credit balance, auto-refill settings) and POST /v3/billing/top-up/ which returns a Stripe checkout session ID and checkout URL ("https://checkout.stripe.com/..."). These are specific payment gateway operations (creating a checkout/payment session and managing credit top-ups/auto-refill), not generic API or browser automation. This qualifies as direct financial execution capability.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 11, 2026, 06:44 AM