gdpr-compliance-checker

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to scan highly sensitive file paths to identify personal data and compliance gaps.
  • Evidence: The SKILL.md file explicitly instructs the agent to scan environment files (.env, .env.local, .env.production), database schemas (schema.prisma, *.sql), and authentication-related files (auth, login, session, jwt, oauth).
  • Evidence: This scanning activity exposes hardcoded credentials, API keys, and sensitive infrastructure details to the agent's context.
  • [DATA_EXFILTRATION]: The skill uses strings discovered within the codebase (e.g., processor names) to perform external web searches.
  • Evidence: The "Internal: Research third-party processors" section in SKILL.md directs the agent to run parallel web searches for any SDK or service found, potentially leaking details of the user's tech stack to search engines.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the user's codebase.
  • Evidence: The skill lacks boundary markers or explicit instructions to the agent to disregard malicious instructions embedded within the scanned source code, comments, or configuration files (Category 8 surface).
  • Capability Inventory: The agent has file-read access to the entire repository, web search capabilities, and the ability to write multiple files (via export skills).
  • [COMMAND_EXECUTION]: The skill involves complex file manipulation of generated outputs.
  • Evidence: For .docx export, the skill instructs the agent to "unpack, remove the first (default) occurrence of any duplicated styleId in styles.xml, repack," which involves shell commands or tool execution on sensitive document buffers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 03:41 PM
Security Audit — agent-trust-hub — gdpr-compliance-checker