clerk-data-handling
Audited by Socket on Mar 12, 2026
1 alert found:
Obfuscated File
The Clerk Data Handling skill is broadly coherent with its stated purpose to support GDPR/privacy workflows (export, deletion, retention, consent, audit). The data flows and access scope are largely proportional to the tasks, and the use of Clerk DB and an optional external audit endpoint is reasonable. The main concerns are potential data exfiltration risk from an optional external audit POST, a minor inconsistency in getConsent (uses currentUser vs. provided userId), and a placeholder for external service deletions that could become a real integration risk if not implemented securely. Overall, the footprint is mostly benign with moderate security considerations requiring proper safeguards around the external audit endpoint and authorization alignment.