gdpr-dsgvo-expert
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMNO_CODECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- NO_CODE (MEDIUM): The skill references three Python scripts (gdpr_compliance_checker.py, dpia_generator.py, and data_subject_rights_tracker.py) which are not included in the package, making the tool's behavior unverifiable.
- DATA_EXFILTRATION (LOW): The tool is designed to identify and aggregate sensitive Personal Identifiable Information (PII), special category data, and financial records from codebases; without the source code, it is impossible to verify if this data is exfiltrated.
- COMMAND_EXECUTION (LOW): The documentation instructs the agent to execute shell commands to run local Python scripts.
- INDIRECT PROMPT INJECTION (LOW): The skill possesses an attack surface for indirect prompt injection. 1. Ingestion points:
gdpr_compliance_checker.pyscans arbitrary files in a project directory. 2. Boundary markers: Absent; no instructions are provided to the agent to treat scanned content as untrusted. 3. Capability inventory: Python script execution, file reading, and file writing to the local system. 4. Sanitization: Absent; the tool does not document any validation or escaping of the code it scans.
Audit Metadata