ropa-tool-integration

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates API-based synchronization with well-known privacy management platforms, including OneTrust, TrustArc, Collibra, and DataGrail. These interactions are documented for legitimate synchronization purposes.
  • [COMMAND_EXECUTION]: The script scripts/process.py executes local file system operations to read and write RoPA records in JSON and CSV formats as part of its core data transformation functionality.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection was identified as the skill ingests and processes untrusted external RoPA data.
      • Ingestion points: The scripts/process.py script loads data via load_ropa_json and import_from_csv functions.
      • Boundary markers: No specific delimiters or instructions to ignore embedded content were found in the data processing logic.
      • Capability inventory: The skill has the capability to write files in scripts/process.py and perform network requests via API snippets in SKILL.md.
      • Sanitization: The skill lacks explicit sanitization or validation of the content within the RoPA records before they are used in API calls or exported files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 11:39 AM