skills/yariv1025/skills/owasp-privacy-top-10


OWASP Top 10 Privacy Risks

This skill encodes the OWASP Top 10 Privacy Risks for privacy-aware design and review. References are loaded per risk. Based on OWASP Top 10 Privacy Risks v2.0 2021.

When to Read Which Reference

| Risk | Read |
|------|------|
| P1 Web Application Vulnerabilities | references/p1-web-app-vulnerabilities.md |
| P2 Operator-sided Data Leakage | references/p2-operator-data-leakage.md |
| P3 Insufficient Data Breach Response | references/p3-breach-response.md |
| P4 Consent on Everything | references/p4-consent.md |
| P5 Non-transparent Policies | references/p5-non-transparent-policies.md |
| P6 Insufficient Deletion of User Data | references/p6-insufficient-deletion.md |
| P7 Insufficient Data Quality | references/p7-data-quality.md |
| P8 Missing or Insufficient Session Expiration | references/p8-session-expiration.md |
| P9 Inability to Access and Modify Data | references/p9-user-access-modify-data.md |
| P10 Excessive Data Collection | references/p10-excessive-collection.md |

Quick Patterns

  • Fix technical vulnerabilities that affect data; prevent operator leakage; have a breach response plan. Obtain valid consent; be transparent; support deletion, access, and portability; minimize collection; expire sessions.

Quick Reference / Examples

| Task | Approach |
|------|----------|
| Obtain valid consent | Explicit opt-in, granular choices, easy withdrawal. See P4. |
| Support data deletion | Implement "right to erasure" across all stores. See P6. |
| Provide data access | Export user data in portable format (JSON/CSV). See P9. |
| Minimize collection | Collect only what's necessary for the stated purpose. See P10. |
| Breach response | Have a documented plan, notify within required timeframes. See P3. |

Data deletion endpoint:

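```python
from fastapi import Depends, HTTPException

# Assumed to exist in the application: app (FastAPI instance), User,
# get_current_user (auth dependency, hypothetical name) and the store clients.
@app.delete("/api/users/{user_id}/data")
def delete_user_data(user_id: str,
                     current_user: User = Depends(get_current_user)):
    # Only the account owner may request erasure of their own data
    if current_user.id != user_id:
        raise HTTPException(status_code=403)
    # Delete from all data stores
    UserDB.delete(user_id)
    AnalyticsDB.anonymize(user_id)
    SearchIndex.remove(user_id)
    BackupService.schedule_deletion(user_id)
    return {"status": "deletion_scheduled"}
```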
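The endpoint above calls each store once and assumes every call succeeds. The following added example (not part of the original skill) tracks erasure per store so that a failure in one store is recorded and retried instead of silently leaving data behind. `ErasureJob`, `run_erasure` and the in-memory stores are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict


@dataclass
class ErasureJob:
    """Tracks one user's erasure request across every registered store."""
    user_id: str
    status: Dict[str, str] = field(default_factory=dict)  # store -> done/failed

    @property
    def complete(self) -> bool:
        return bool(self.status) and all(s == "done" for s in self.status.values())


def run_erasure(job: ErasureJob, stores: Dict[str, Callable[[str], None]]) -> ErasureJob:
    """Call each store's delete function; on a retry, skip stores already done."""
    for name, delete in stores.items():
        if job.status.get(name) == "done":
            continue  # idempotent retry: never re-run a finished store
        try:
            delete(job.user_id)
            job.status[name] = "done"
        except Exception:
            # Record the failure and keep going, so one unavailable store
            # does not leave the remaining stores untouched.
            job.status[name] = "failed"
    return job


# Constructed in-memory stores standing in for real data stores.
user_db = {"u1": {"email": "a@example.com"}, "u2": {"email": "b@example.com"}}
search_index = {"u1": ["doc1"], "u2": ["doc2"]}
search_available = {"up": False}  # simulate a search outage on the first attempt

def delete_from_user_db(user_id: str) -> None:
    user_db.pop(user_id, None)

def delete_from_search(user_id: str) -> None:
    if not search_available["up"]:
        raise ConnectionError("search index unreachable")
    search_index.pop(user_id, None)

STORES = {"user_db": delete_from_user_db, "search_index": delete_from_search}

def demo():
    job = run_erasure(ErasureJob("u1"), STORES)   # first attempt: search fails
    first = (dict(job.status), job.complete)
    search_available["up"] = True
    run_erasure(job, STORES)                      # retry touches only the failed store
    return first, dict(job.status), job.complete
```

Persisting the job status lets the service report erasure as complete only once every store has confirmed it.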

Consent collection (explicit opt-in):

```html
<!-- Require explicit action, no pre-checked boxes -->
<input type="checkbox" id="marketing" />
<label for="marketing">I agree to receive marketing emails</label>
<!-- Only enable submit when required consents are given -->
```

Data export endpoint:

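```python
import json
from fastapi import Depends, HTTPException, Response

# get_current_user is the application's auth dependency (hypothetical name)
@app.get("/api/users/{user_id}/export")
def export_user_data(user_id: str, current_user: User = Depends(get_current_user)):
    # Same ownership check as the deletion endpoint: without it, any caller
    # could export another user's data
    if current_user.id != user_id:
        raise HTTPException(status_code=403)
    data = collect_all_user_data(user_id)
    return Response(
        content=json.dumps(data, indent=2),
        media_type="application/json",
        headers={"Content-Disposition": f'attachment; filename="{user_id}_data.json"'},
    )
```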

Workflow

Load the reference for the risk you are addressing. See OWASP Top 10 Privacy Risks for the official list.

First Seen
Feb 15, 2026