gdpr-dsgvo-expert
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The
gdpr_compliance_checker.pytool is designed to scan external codebases and projects. This presents a risk where malicious instructions embedded in a target project's files (such as in markdown, comments, or metadata) could influence the AI agent's analysis or cause it to output biased recommendations. - Ingestion points: Local file system paths passed to
gdpr_compliance_checker.pyand JSON templates fordpia_generator.py. - Boundary markers: No specific delimiters or "ignore instructions" warnings are documented for the processing of external files.
- Capability inventory: The skill uses scripts to perform file system reads and pattern matching on sensitive data (PII).
- Sanitization: No sanitization or validation logic is evident in the documentation to prevent processed data from influencing the agent's instruction context.
- NO_CODE (SAFE): The skill references several Python scripts (
gdpr_compliance_checker.py,dpia_generator.py,data_subject_rights_tracker.py) as the primary execution engine. These scripts were not provided in the analyzed file set, meaning their internal logic, network operations, and file handling cannot be verified.
Audit Metadata