gdpr-dsgvo-expert
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's DPIA generator tool processes untrusted external data which could lead to indirect prompt injection when the output is analyzed by an agent.
- Ingestion points: The file
scripts/dpia_generator.pyreads processing activity details from a user-provided JSON input file and generates a markdown report. - Boundary markers: The generated markdown report does not use specific delimiters or instructions to indicate that the content is untrusted data.
- Capability inventory: The skill's scripts are restricted to standard library modules for file system operations; they do not perform network requests, execute shell commands, or use dynamic code evaluation like
eval()orexec(). - Sanitization: The script performs direct string interpolation of user-provided fields (e.g., project name, description, and justifications) into the markdown report without filtering for instruction-like patterns.
Audit Metadata