scanning-for-gdpr-compliance
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted codebase content which could contain malicious instructions designed to subvert the agent's behavior.
- Ingestion points: The script
scripts/gdpr_scan.shreads and processes files from the user-provided input directory path. - Boundary markers: Neither the instructions in
SKILL.mdnor the scripts utilize delimiters (like XML tags or triple quotes) or explicit instructions to ignore embedded commands within the processed data. - Capability inventory: The skill has access to sensitive tools including
Read,Write,Edit, and shell access viaBashscopes, which could be exploited following a successful injection. - Sanitization: No evidence of validation, escaping, or filtering of the scanned content is present in the provided scripts.
Audit Metadata