From agentic-security
Runs a privacy data-flow review before writing code that touches PII, PHI, PCI, or confidential business data. Classifies each field, traces storage, encryption, third-party processors, logging, and retention, and writes DATA_FLOW.md.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agentic-security:privacy-data-flowThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Activates **before** you write code that reads, stores, transmits, or logs
Activates before you write code that reads, stores, transmits, or logs a piece of user data that may be classified PII / PHI / PCI / regulated. Privacy violations almost always look fine in code review — they're violations because of where the data goes, not what the line of code says. This skill makes the destination visible BEFORE the data flows.
You're about to call Edit / Write with a body that touches one of
these data shapes:
PII (general identifiability)
email, phone, dob, ssn, address, lat/lon,
national_id, tax_id, student_id.PHI (HIPAA)
mrn, patient_id, diagnosis, icd_code, prescription,
treatment_plan, insurance_plan.PCI (PCI-DSS)
pan, card_number, cc_num, cvv, cvc, iban,
bank_account, track_data.Special category (GDPR Art. 9 / CCPA "sensitive personal info")
Confidential business
Pause before the Edit. Don't write the code yet. Surface the data-class question.
Classify the data. For each user-data field the code touches, answer:
Trace the destination. Where does this field GO from this line of code? Walk the data flow:
| Stage | Question |
|---|---|
| Storage tier | Database table? Cache (Redis)? Log file? Disk? In-memory? |
| Encryption at rest | Is the storage tier encrypted? Per-row or per-disk? Key managed where? |
| Encryption in transit | TLS required? Mutual TLS? Cert pinning? |
| Third-party processors | Does this field reach: Stripe, Supabase, Clerk, Auth0, Sentry, PostHog, Segment, Mixpanel, OpenAI, Anthropic, AWS S3, Cloudflare, …? |
| Logging | Does it appear in stdout, error logs, exception traces, request logs, audit logs? Is it redacted? |
| Retention | How long is it kept? Where's the deletion trigger? Is "right to be forgotten" wired up? |
| Backups | Does the backup include this field? Are backups encrypted? Same retention? |
| Replication | Does the data cross a region boundary? Which? |
Map to jurisdiction. Which laws apply?
Cite the existing controls if they're in the codebase:
.agentic-security/last-scan.json flags it under crown-jewels?data_classes: rule in .agentic-security/rules.yml?Write the result to the scratchpad via MCP:
append_scratchpad({
path: ".agentic-security/agent-scratchpad/privacy/<session>/DATA_FLOW.md",
content: "<the classification + flow + jurisdiction block>"
})
Propose the literal implementation that satisfies every
requirement that DOES apply. For each defensive measure, cite the
regulation row in a code comment (e.g. // GDPR Art. 32: encryption at rest).
Refuse outright if the implementation would violate hard rules:
xxxx xxxx xxxx 1234 masked form.# DATA_FLOW.md — privacy review for <feature/file>
## Field: <patient.diagnosis>
Date: 2026-05-20T14:32:00Z
File:line: src/api/patient.ts:142
Construct: `await db.patients.update({ where: { id }, data: { diagnosis } })`
### Classification
Class: PHI (HIPAA)
Sensitivity: High
Field type: ICD-10 code + free-text notes
### Flow
Storage tier: postgres `patient_records` table (RDS, encrypted at rest with KMS)
Encryption transit: TLS 1.3 (mTLS via the app's VPC to the DB)
Third-party seen by: Sentry (error context — REDACTED via beforeSend hook)
Datadog (DOES NOT see — patient_id is hashed in logs)
OpenAI (DOES NOT see — diagnosis is never sent to LLM features)
Logging: audit_log table (success only); error logs do NOT include
the value (redacted upstream)
Retention: 7 years per HIPAA 164.530(j); deletion via
DELETE_PATIENT_DATA function with BAA evidence
Backups: encrypted; same 7y retention
Replication: us-east-1 only; no cross-region replication
### Jurisdiction
HIPAA: Yes — covered entity. BAA in place with Sentry, AWS, Datadog.
GDPR Art. 9: Yes for EU patients — explicit consent flag (`consents.research`)
required for any analytical use of diagnosis.
CCPA: Sensitive personal info; opt-out flow at /privacy/opt-out.
### Decisions
- Diagnosis updates audit-logged with actor + before/after hash.
- LLM features (`summarizeHistory()` server-side helper) read a REDACTED view that strips
free-text notes; only ICD codes flow through.
- Webhooks fired on update DO NOT include the diagnosis field
(only `patient_id` + `event: diagnosis_updated`).
### Open questions
- Cross-border data flow on customer migration to EU region: do we
need to negotiate SCC with Sentry before turning on EU?
- Patient export request: current PDF includes diagnosis verbatim; is
that the right level of detail for the right-of-access response?
/compliance --report — generate PRIVACY.md + cookie banner from the stack/compliance --report nist|asvs|llm — generate auditor-ready attestation/scan --all followed by /triage --show --threat-model — surface
data-class findings the scanner already detectedThe /compliance --report slash produces a privacy artifact AFTER the project
is built. This skill produces a per-field data-flow record before
the field is written. The two are complementary — privacy-docs is the
post-hoc summary; this is the pre-write gate.
npx claudepluginhub securityphoenix/agentic-security --plugin agentic-security2plugins reuse this skill
First indexed Jun 3, 2026
Runs a privacy data-flow review before writing code that touches PII, PHI, PCI, or confidential business data. Classifies each field, traces storage, encryption, third-party processors, logging, and retention, and writes DATA_FLOW.md.
Audits data privacy across the entire system: PII detection, data flow mapping, third-party sharing, consent enforcement, anonymization, retention, and multi-jurisdictional compliance (GDPR, CCPA, HIPAA, FERPA, LGPD, PIPEDA).
Scans codebases for PII exposure, hardcoded sensitive data, unsafe logging, unencrypted storage, insecure transmission, missing consent, and retention issues.