Privacy Data-Flow Review

Pre-write privacy review that classifies PII/PHI/PCI, traces where data flows, and generates a DATA_FLOW.md record before code that touches sensitive fields is

triggers:privacy reviewdata flowPIIPHIPCIDATA_FLOW.mdcompliance

GitHub SKILL.md

What it does

This skill performs a pre-write privacy review whenever code touches potentially sensitive user data (PII, PHI, PCI, GDPR special categories, or confidential business data). It classifies fields, traces storage/transit/third-party processors, maps applicable jurisdictions and regulations, and writes a structured DATA_FLOW.md entry to the project's scratchpad.

When to use it

Invoke before editing or writing code that reads, logs, stores, or transmits user-identifiable data — e.g., adding a new field to an API, instrumenting logs, or integrating a processor like Sentry or OpenAI. It should run as a gate in code review or automated pre-commit checks for sensitive fields.

What's included

Scripts: none included in the SKILL.md (has_scripts=false)
References: none bundled (has_references=false)
Instructions: step-by-step classification guidance, a data-flow checklist (storage, encryption, logging, retention, backups, replication), jurisdiction mapping (GDPR, HIPAA, PCI, CCPA), and explicit 'don't' rules (when to refuse). The skill also includes a template for DATA_FLOW.md content.

Compatible agents

Agents that perform code edits, code-review automation, or compliance scanning can use this (Codex, Claude Code, static analysis bots). The guidance is implementation-agnostic but assumes access to repo files and the ability to append to a project scratchpad.

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: agentic-security
Stars: 63
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

GRC & Compliance (ServiceNow)

Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Back to Skills

Privacy Data-Flow Review

from agentic-security63

Pre-write privacy review that classifies PII/PHI/PCI, traces where data flows, and generates a DATA_FLOW.md record before code that touches sensitive fields is

triggers:privacy reviewdata flowPIIPHIPCIDATA_FLOW.mdcompliance

GitHub SKILL.md

What it does

When to use it

What's included

Scripts: none included in the SKILL.md (has_scripts=false)
References: none bundled (has_references=false)
Instructions: step-by-step classification guidance, a data-flow checklist (storage, encryption, logging, retention, backups, replication), jurisdiction mapping (GDPR, HIPAA, PCI, CCPA), and explicit 'don't' rules (when to refuse). The skill also includes a template for DATA_FLOW.md content.

Compatible agents

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: agentic-security
Stars: 63
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

GRC & Compliance (ServiceNow)

Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Privacy Data-Flow Review

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills

Privacy Data-Flow Review

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills