cpra-opt-out-signals
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions are focused strictly on privacy compliance and do not contain any patterns attempting to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION]: No attempts to access sensitive system files (e.g., .ssh, .aws credentials) or exfiltrate data to unauthorized domains were found. The included code examples use local or placeholder endpoints for logging GPC detection events.
- [CREDENTIALS_UNSAFE]: Analysis confirmed the absence of hardcoded API keys, tokens, or other sensitive credentials. Instructions for integration use standard configuration patterns.
- [EXTERNAL_DOWNLOADS]: The skill does not automate the downloading of external scripts or binaries. While it includes Bash snippets using curl for testing, these are documentation examples intended for manual use by a developer.
- [REMOTE_CODE_EXECUTION]: There are no patterns of executing code from remote sources or using dynamic execution functions like eval() or exec() with untrusted input.
- [COMMAND_EXECUTION]: The Python processing script uses standard libraries for logic and reporting without spawning dangerous subprocesses or interacting with the shell in an unsafe manner.
Audit Metadata