
gdpr-data-handling

Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.

70

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues


Quality

Content

72%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A well-structured, lean overview with excellent progressive disclosure that defers implementation to a real, one-level-deep reference. The main gaps are the absence of any executable code or a sequenced validation workflow in the body itself, which keep actionability and workflow clarity at the mid-level.

Suggestions

Add one minimal executable snippet to the body (e.g., a consent-record schema or a DSAR-handling code stub) so the skill is copy-paste actionable without first opening references/details.md.

Include an explicit sequenced workflow with a validation checkpoint for at least one risky, time-sensitive operation such as DSAR handling (e.g., receive request → verify identity → locate data → fulfill or notify → audit-log, with a validation step before completion).

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The body is lean and assumes competence — it avoids explaining what GDPR is, and the article-number specifics (Art. 9/10, Art. 15–21, the 1-month DSR window) earn their place as detail Claude would not reliably recall. It is not level 2 because there is no padded boilerplate or unnecessary concept explanation; the minor overlap between the intro and the description is negligible. | 3 / 3 |
| Actionability | The Do's/Don'ts give concrete policy directives ('Encrypt PII - At rest and in transit', 'Don't pre-check consent boxes - Must be opt-in'), but the body contains no executable code or commands — all implementation lives in references/details.md, so guidance is incomplete in the copy-paste-ready sense. It is not level 3 because the 3-anchor requires fully executable, copy-paste-ready code/commands, which the body lacks; it is above level 1 because the directives are specific and actionable at a policy level. | 2 / 3 |
| Workflow Clarity | The body is organized into When-to-Use / Core Concepts / Best Practices, but it presents no sequenced multi-step workflow with validation checkpoints for time-sensitive processes like DSAR handling. It is not level 3 because there is no explicit sequence with validation/feedback loops; it is above level 1 because the sectioning gives a recognizable approach structure rather than missing steps entirely. | 2 / 3 |
| Progressive Disclosure | The body is a compact overview that clearly signals a one-level-deep reference ('Detailed sections ... live in references/details.md. Read that file when the navigation summary above is insufficient.'), and that file is verified to exist and contain the actual implementation patterns without chaining to further references. It is not level 2 because the split is appropriate — heavy implementation is correctly deferred — and navigation is explicitly signaled. | 3 / 3 |

Total: 10 / 12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, concise description that covers what the skill does, when to use it, and distinct trigger terms in third-person imperative voice with no over-claims. No significant weaknesses relative to the rubric anchors.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | The description names multiple concrete actions — 'consent management, data subject rights, and privacy by design' — matching the anchor that lists several specific capabilities rather than vague language. | 3 / 3 |
| Completeness | It explicitly answers both what ('Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design') and when ('Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews'). | 3 / 3 |
| Trigger Term Quality | It includes natural terms a user would actually say — 'GDPR', 'consent management', 'data subject rights', 'privacy controls', 'EU personal data', 'GDPR compliance reviews' — giving good coverage of common variations. | 3 / 3 |
| Distinctiveness Conflict Risk | GDPR-specific triggers ('data subject rights', 'GDPR compliance reviews', 'EU personal data') carve out a clear niche unlikely to fire for unrelated skills. | 3 / 3 |

Total: 12 / 12

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository: wshobson/agents
Reviewed
