Skills
skills/melodic-software/claude-code-plugins/assess-gdpr/Gen Agent Trust Hub

assess-gdpr

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill directly interpolates user-controlled data from the $ARGUMENTS variable into the prompt for the privacy-officer agent. Without proper delimiters or sanitization, a malicious user could provide input designed to override the agent's instructions or bypass its intended behavior.- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input which acts as an attack surface for indirect prompt injection.
  • Ingestion points: The $ARGUMENTS variable in SKILL.md used to define the scope of the GDPR assessment.
  • Boundary markers: None. The input is placed directly after a colon without delimiters such as triple quotes or XML tags.
  • Capability inventory: The skill has the ability to load other skills (gdpr-compliance, data-classification) and spawn a sub-agent (privacy-officer).
  • Sanitization: No input validation or sanitization is performed on the user-provided arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 04:21 AM