Skills
skills/alirezarezvani/claude-skills/gdpr-audit-prep/Gen Agent Trust Hub

gdpr-audit-prep

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow involves executing multiple local Python scripts to perform compliance checks and report generation. These scripts (e.g., gdpr_compliance_checker.py, dpia_generator.py) are located in relative paths within the skill's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data.
  • Ingestion points: Data enters the agent context through local JSON files: compliance_state.json, processing_activity.json, dsar_log.json, and program.json.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's configuration for these inputs.
  • Capability inventory: The skill has the capability to execute shell commands via Python subprocesses across its entire workflow (SKILL.md).
  • Sanitization: No evidence of input validation or sanitization is provided in the skill documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 01:43 PM
Security Audit — agent-trust-hub — gdpr-audit-prep