data-disclosure
Installation
SKILL.md
Disclosure of Information Analysis (LINDDUN D2)
Analyze source code for disclosure threats where personal data is accessible to unauthorized parties. Focuses specifically on personal and sensitive data rather than general system information. Covers direct disclosure (data breach vectors) and indirect disclosure (third-party sharing, over-collection).
Supported Flags
Read ../../shared/schemas/flags.md for full flag
documentation. This skill supports all cross-cutting flags.
| Flag | Disclosure-Specific Behavior |
|---|---|
--scope |
Default changed. Focuses on files handling personal data: API handlers, data models, logging, caching, third-party integrations, and error handling. |
--depth quick |
Grep patterns only: scan for PII in logs, error messages, and third-party data sharing. |
--depth standard |
Full code read, trace personal data flows within each file, check access controls on personal data stores. |
--depth deep |
Cross-file personal data flow tracing. Map all paths where PII exits the application boundary. |
--depth expert |
Deep + breach simulation: model what personal data is exposed in each attack scenario. |
Related skills