gdpr-compliance-checker

SUSPICIOUS. The skill's main GDPR-audit purpose is plausible, but its actual footprint is broad: it reads sensitive repo areas including .env files, performs autonomous web research, and relies on unverified transitive format skills before proceeding. I found no confirmed malware, no remote-code execution, and no explicit credential forwarding to third-party binaries, but the combination of broad local access plus network activity plus transitive skill dependence makes the skill medium risk.