gpc-cookie-integration

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill is a legitimate technical resource for privacy compliance.
  • [COMMAND_EXECUTION]: The skill includes a Flask-based Python script (scripts/process.py) to handle GPC signals. It uses standard library functions and common web frameworks (Flask) to process HTTP headers and geolocation data. No dangerous command execution or subprocess spawning was identified.
  • [DATA_EXFILTRATION]: The skill handles sensitive data such as user IP addresses for geolocation. The implementation includes pseudonymization (hashing) before logging, which is a privacy best practice. No unauthorized data exfiltration patterns were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines a data ingestion surface by processing HTTP headers (Sec-GPC) and IP addresses. While this represents a theoretical attack surface for the system being built, the provided logic is structured and does not involve interpolation into AI prompts in a way that would allow for injection. Boundary markers and sanitization (hashing) are used appropriately for the implementation's scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:33 PM
Security Audit — agent-trust-hub — gpc-cookie-integration