The Agent Skills Directory

[SAFE]: The skill implements robust security controls for API secret management. It includes logic to enforce the use of sandbox credentials by default and explicitly warns the user against providing production tokens in the agent context.
[SAFE]: The payload builder script (build_level.py) uses yaml.safe_load(), which is a security best practice that prevents remote code execution vulnerabilities during the parsing of YAML-based specifications.
[SAFE]: Network communication is strictly limited to the official Sumsub API endpoint. The request signing process uses standard HMAC-SHA256 authentication as documented by the service provider, ensuring integrity and authenticity.
[SAFE]: The skill requires explicit human-in-the-loop confirmation before performing any write operations (POST/PATCH), providing a critical safety checkpoint against unintended configuration changes.

sumsub-create-level