Skills
skills/ypyt1/all-skills/data-privacy-engineer/Gen Agent Trust Hub

data-privacy-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The agent configuration in references/agents/data-privacy-engineer.md includes the Bash tool, which allows for the execution of arbitrary shell commands. While consistent with an engineering persona, this represents a significant capability that could be exploited if the agent is misled by untrusted data.
  • [EXTERNAL_DOWNLOADS]: The agent is granted access to the WebFetch tool, enabling it to retrieve content from external URLs.
  • [NO_CODE]: The skill package does not include any executable scripts, binaries, or logic in programming languages like Python or JavaScript. It consists solely of markdown-based instructions and metadata.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection:
  • Ingestion points: Untrusted data enters the agent context via the WebFetch and Read tools in references/agents/data-privacy-engineer.md.
  • Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings to differentiate between system instructions and processed data.
  • Capability inventory: The agent possesses high-impact tools including Bash (command execution), Write and MultiEdit (file modification), and WebFetch (network access).
  • Sanitization: No mechanisms for data validation, escaping, or sanitization are prescribed in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:37 AM