gdpr-breach-sentinel-oliver-schmidt-prietz
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill possesses a surface for indirect prompt injection as it ingests untrusted breach data provided by the user. \n
- Ingestion points: Incident details provided in 'Guided', 'Fast Path', or 'Emergency' modes. \n
- Boundary markers: Not explicitly defined in these documentation files. \n
- Capability inventory: Dynamic web research and .docx file generation. \n
- Sanitization: No evidence of malicious payloads or attempts to bypass agent constraints were found in the provided files.\n- [Data Exposure] (SAFE): The 'Dynamic Web Research' and 'SA Contact Lookup' features describe network-enabled tasks. Analysis confirms these are restricted to legitimate regulatory research (e.g., finding DPA portals) and do not contain code for exfiltrating sensitive breach data to attacker-controlled domains.
Audit Metadata