gpc-cookie-integration
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is a legitimate technical resource for privacy compliance.
- [COMMAND_EXECUTION]: The skill includes a Flask-based Python script (
scripts/process.py) to handle GPC signals. It uses standard library functions and common web frameworks (Flask) to process HTTP headers and geolocation data. No dangerous command execution or subprocess spawning was identified. - [DATA_EXFILTRATION]: The skill handles sensitive data such as user IP addresses for geolocation. The implementation includes pseudonymization (hashing) before logging, which is a privacy best practice. No unauthorized data exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a data ingestion surface by processing HTTP headers (
Sec-GPC) and IP addresses. While this represents a theoretical attack surface for the system being built, the provided logic is structured and does not involve interpolation into AI prompts in a way that would allow for injection. Boundary markers and sanitization (hashing) are used appropriately for the implementation's scope.
Audit Metadata