Gen Agent Trust Hub audit: scanning-for-gdpr-compliance (skills/jeremylongshore/claude-code-plugins-plus-skills)
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted codebase files, creating a surface for indirect prompt injection.
  - Ingestion points: The scripts/gdpr_scan.sh script (which contains embedded Python code) reads and parses JSON files from the target directory during the scan.
  - Boundary markers: The skill instructions define no delimiters around scanned content and give the agent no instruction to ignore commands embedded in the data being scanned.
  - Capability inventory: The skill is granted Read, Write, Edit, and Bash permissions, which could be leveraged if the agent is successfully manipulated by malicious content found in a scanned file.
  - Sanitization: No sanitization or filtering is applied to file content before the AI agent processes it.
- [COMMAND_EXECUTION]: The skill executes shell commands and Python scripts to perform compliance scanning tasks.
  - Evidence: The SKILL.md file requests access to Bash tools (security, scan, audit), and its instructions require the agent to execute security analysis systematically. The scripts/gdpr_scan.sh file is a template script designed to be run from the command line to process files and directories for analysis.
Audit Metadata