identity-verification-didit

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage authentication and interact with the Didit API, specifically using python3 for credential parsing and curl for network requests.
  • [DATA_EXFILTRATION]: The skill collects and transmits sensitive personally identifiable information (PII), such as full names, dates of birth, identification numbers, and residential addresses, to api.gooseworks.ai. This data transfer is the core functionality of the identity verification and AML screening service.
  • [CREDENTIALS_UNSAFE]: The skill is configured to read its API authentication key from a local file located at ~/.gooseworks/credentials.json.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests untrusted user data and interpolates it into shell-based curl commands.
      • Ingestion points: Parameters like full_name, email, phone_number, and identification_number provided by the user and processed in SKILL.md.
      • Boundary markers: No explicit boundary markers or delimiters are used in the shell command examples to isolate user input.
      • Capability inventory: The skill has the capability to perform network operations and execute local commands.
      • Sanitization: No specific input validation or escaping mechanisms are described; the skill relies on the agent to handle data interpolation securely.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:10 PM