firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

feat: add privacy-by-design skill (#283)

Browse Source 
Co-authored-by: Abdeltoto <paypalbio360@gmail.com>
This commit is contained in:
sck_0
2026-03-13 09:28:20 +01:00
parent 608ef0ac9a
commit e8d929c797
7 changed files with 281 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CATALOG.md
View File

@@ -2,7 +2,7 @@
Generated at: 2026-02-08T00:00:00.000Z
Total skills: 1250
Total skills: 1251
## architecture (80)
@@ -1064,7 +1064,7 @@ distri... | makepad, deployment | makepad, deployment, critical, packaging, trig
| `workflow-automation` | Workflow automation is the infrastructure that makes AI agents reliable. Without durable execution, a network hiccup during a 10-step payment flow means lost... | | automation, infrastructure, makes, ai, agents, reliable, without, durable, execution, network, hiccup, during |
| `x-twitter-scraper` | X (Twitter) data platform skill — tweet search, user lookup, follower extraction, engagement metrics, giveaway draws, monitoring, webhooks, 19 extraction too... | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks] | [twitter, x-api, scraping, mcp, social-media, data-extraction, giveaway, monitoring, webhooks], twitter, scraper, data |
## security (145)
## security (146)
| Skill | Description | Tags | Triggers |
| --- | --- | --- | --- |
@@ -1166,6 +1166,7 @@ distri... | makepad, deployment | makepad, deployment, critical, packaging, trig
| `plaid-fintech` | Expert patterns for Plaid API integration including Link token flows, transactions sync, identity verification, Auth for ACH, balance checks, webhook handlin... | plaid, fintech | plaid, fintech, api, integration, including, link, token, flows, transactions, sync, identity, verification |
| `popup-cro` | Create and optimize popups, modals, overlays, slide-ins, and banners to increase conversions without harming user experience or brand trust. | popup, cro | popup, cro, optimize, popups, modals, overlays, slide, ins, banners, increase, conversions, without |
| `postmortem-writing` | Write effective blameless postmortems with root cause analysis, timelines, and action items. Use when conducting incident reviews, writing postmortem documen... | postmortem, writing | postmortem, writing, write, effective, blameless, postmortems, root, cause, analysis, timelines, action, items |
| `privacy-by-design` | Use when building apps that collect user data. Ensures privacy protections are built in from the start—data minimization, consent, encryption. | privacy, by | privacy, by, building, apps, collect, user, data, ensures, protections, built, start, minimization |
| `product-manager` | Senior PM agent with 6 knowledge domains, 30+ frameworks, 12 templates, and 32 SaaS metrics with formulas. Pure Markdown, zero scripts. | product-management, saas, frameworks, metrics, strategy | product-management, saas, frameworks, metrics, strategy, product, manager, senior, pm, agent, knowledge, domains |
| `quant-analyst` | Build financial models, backtest trading strategies, and analyze market data. Implements risk metrics, portfolio optimization, and statistical arbitrage. | quant, analyst | quant, analyst, financial, models, backtest, trading, analyze, market, data, implements, risk, metrics |
| `red-team-tactics` | Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting. | red, team, tactics | red, team, tactics, principles, mitre, att, ck, attack, phases, detection, evasion, reporting |

12
README.md
View File

@@ -1,7 +1,7 @@
<!-- registry-sync: version=7.6.0; skills=1250; stars=23509; updated_at=2026-03-12T12:01:36+00:00 -->
# 🌌 Antigravity Awesome Skills: 1,250+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
<!-- registry-sync: version=7.6.0; skills=1251; stars=23847; updated_at=2026-03-13T08:15:26+00:00 -->
# 🌌 Antigravity Awesome Skills: 1,251+ Agentic Skills for Claude Code, Gemini CLI, Cursor, Copilot & More
> **The Ultimate Collection of 1,250+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode, AdaL**
> **The Ultimate Collection of 1,251+ Universal Agentic Skills for AI Coding Assistants — Claude Code, Gemini CLI, Codex CLI, Antigravity IDE, GitHub Copilot, Cursor, OpenCode, AdaL**
[![GitHub stars](https://img.shields.io/badge/⭐%2024%2C000%2B%20Stars-gold?style=for-the-badge)](https://github.com/sickn33/antigravity-awesome-skills/stargazers)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
@@ -18,7 +18,7 @@
[![Web App](https://img.shields.io/badge/Web%20App-Browse%20Skills-blue)](apps/web-app)
[![Buy Me a Book](https://img.shields.io/badge/Buy%20me%20a-book-d13610?logo=buymeacoffee&logoColor=white)](https://buymeacoffee.com/sickn33)
**Antigravity Awesome Skills** is a curated, battle-tested library of **1,250+ high-performance agentic skills** designed to work seamlessly across the major AI coding assistants.
**Antigravity Awesome Skills** is a curated, battle-tested library of **1,251+ high-performance agentic skills** designed to work seamlessly across the major AI coding assistants.
**Current release: V7.6.0.** This repository gives your agent reusable playbooks for planning, coding, debugging, testing, security review, infrastructure work, product thinking, and much more.
@@ -32,7 +32,7 @@
- [🎁 Curated Collections (Bundles)](#curated-collections)
- [🧭 Antigravity Workflows](#antigravity-workflows)
- [📦 Features & Categories](#features--categories)
- [📚 Browse 1,250+ Skills](#browse-1250-skills)
- [📚 Browse 1,251+ Skills](#browse-1251-skills)
- [🤝 Contributing](#contributing)
- [💬 Community](#community)
- [☕ Support the Project](#support-the-project)
@@ -282,7 +282,7 @@ The repository is organized into specialized domains to transform your AI into a
Counts change as new skills are added. For the current full registry, see [CATALOG.md](CATALOG.md).
## Browse 1,250+ Skills
## Browse 1,251+ Skills
- Open the interactive browser in [`apps/web-app`](apps/web-app).
- Read the full catalog in [`CATALOG.md`](CATALOG.md).

2
data/bundles.json
View File

@@ -396,6 +396,7 @@
"pci-compliance",
"pentest-checklist",
"plaid-fintech",
"privacy-by-design",
"quant-analyst",
"risk-manager",
"risk-metrics-calculation",
@@ -589,6 +590,7 @@
"postgresql",
"postgresql-optimization",
"prisma-expert",
"privacy-by-design",
"programmatic-seo",
"pubmed-database",
"pydantic-models-py",

27
data/catalog.json
View File

@@ -1,6 +1,6 @@
{
"generatedAt": "2026-02-08T00:00:00.000Z",
"total": 1250,
"total": 1251,
"skills": [
{
"id": "00-andruia-consultant",
@@ -22397,6 +22397,31 @@
],
"path": "skills/prisma-expert/SKILL.md"
},
{
"id": "privacy-by-design",
"name": "privacy-by-design",
"description": "Use when building apps that collect user data. Ensures privacy protections are built in from the start—data minimization, consent, encryption.",
"category": "security",
"tags": [
"privacy",
"by"
],
"triggers": [
"privacy",
"by",
"building",
"apps",
"collect",
"user",
"data",
"ensures",
"protections",
"built",
"start",
"minimization"
],
"path": "skills/privacy-by-design/SKILL.md"
},
{
"id": "privilege-escalation-methods",
"name": "privilege-escalation-methods",

25
skills/privacy-by-design/README.md Normal file
View File

@@ -0,0 +1,25 @@
# 🔒 Privacy by Design
Guides AI agents to integrate privacy protections into software from the start—data minimization, consent, encryption, retention. Applies GDPR Article 25, CCPA, and LGPD principles during design and implementation.
## ✨ What It Does
- 🛡️ Enforces data minimization and purpose limitation
- ✅ Ensures consent before collection and third-party sharing
- 🔐 Covers encryption, retention policies, and user rights (access, erasure, portability)
- 💻 Provides code patterns in JavaScript, Python, and SQL
- 📋 Includes logging safety, third-party audit, and common pitfalls
## 🚀 Usage
```
Use @privacy-by-design when designing the user registration flow
```
```
Use @privacy-by-design to review our database schema for PII
```
---
**Contributor:** [@Abdeltoto](https://github.com/Abdeltoto)

209
skills/privacy-by-design/SKILL.md Normal file
View File

@@ -0,0 +1,209 @@
---
name: privacy-by-design
description: "Use when building apps that collect user data. Ensures privacy protections are built in from the start—data minimization, consent, encryption."
risk: safe
source: community
date_added: "2026-02-23"
---
# Privacy by Design
## Overview
Integrate privacy protections into software architecture from the beginning, not as an afterthought. This skill applies Privacy by Design principles (GDPR Article 25, Cavoukian's framework) when designing databases, APIs, and user flows. Protects real users' data and builds trust.
## When to Use This Skill
- Use when building apps that collect personal data (names, emails, locations, preferences)
- Use when designing database schemas, APIs, or authentication flows
- Use when the user mentions forms, user accounts, analytics, or third-party integrations
- Use when deploying to production—verify privacy controls before launch
## Legal Frameworks
**GDPR (EU)** — Primary reference. Article 25 mandates "data protection by design and by default." Applies to EU users and often adopted globally.
**CCPA (California)** — Right to know, delete, opt-out of sale. Similar principles: minimize, disclose, allow control.
**LGPD (Brazil)** — Aligned with GDPR. Purpose limitation, necessity, transparency. Applies to Brazil users.
Design for the strictest framework you target; it often satisfies others.
---
## Core Principles
### 1. Data Minimization
Collect only what is strictly necessary. Every field needs a documented justification. Avoid "we might need it later."
### 2. Purpose Limitation
Store the purpose of each data point. Do not reuse data for purposes the user did not consent to.
### 3. Storage Limitation
Define retention periods. Implement automated deletion or anonymization when retention expires. Never keep data "forever" by default.
### 4. Privacy as Default
Opt-in for optional collection, not opt-out. Sensitive settings (analytics, marketing) off by default. No pre-checked consent boxes.
### 5. End-to-End Security
Encrypt at rest and in transit. Use RBAC. Log access to sensitive data for audit.
### 6. Transparency
Document what is collected and why. Clear privacy policies. Easy access and deletion for users.
---
## User Rights (GDPR)
Ensure these are implementable from day one:
| Right | What to build |
|-------|---------------|
| **Access** | Endpoint or flow to return all user data |
| **Rectification** | Ability to update/correct data |
| **Erasure** | Account deletion + data purge (including backups) |
| **Portability** | Export data in machine-readable format (JSON, CSV) |
---
## Deep Dive: Why It Matters
**Data minimization** — Less data = less breach impact, lower storage cost, simpler compliance. Each field is a liability.
**Purpose limitation** — Reusing data without consent is illegal under GDPR. Document purpose in schema or metadata.
**Retention** — Indefinite storage increases risk and violates GDPR. Define `retention_days` per data type; automate cleanup.
**Logging** — Logs often leak PII. Redact emails, IDs, tokens. Use structured logging with allowlists.
**Third parties** — Every SDK (analytics, crash reporting, ads) may send data elsewhere. Audit dependencies; require consent before loading.
---
## Code Examples
### JavaScript/Node — Minimal User Model
```javascript
// BAD: Collecting everything "just in case"
const user = { email, name, phone, address, birthdate, ipAddress, userAgent, ... };
// GOOD: Minimal, documented purpose
const user = {
email, // purpose: authentication
displayName, // purpose: UI display
createdAt, // purpose: account age
};
```
### JavaScript — Consent Before Tracking
```javascript
// BAD: Track first, ask later
analytics.track(userId, event);
// GOOD: Check consent first
if (userConsent.analytics) {
analytics.track(userId, event);
}
```
### Python — Safe Logging
```python
# BAD: Logging PII in plain text
logger.info(f"User {user.email} logged in from {request.remote_addr}")
# GOOD: Redact or hash identifiers
logger.info(f"User {hash_user_id(user.id)} logged in")
# Or: logger.info("User login", extra={"user_id_hash": hash_id(user.id)})
```
### SQL — Schema with Purpose and Retention
```sql
-- GOOD: Document purpose and retention in schema
CREATE TABLE users (
id UUID PRIMARY KEY,
email VARCHAR(255) NOT NULL, -- purpose: auth, retention: account lifetime
display_name VARCHAR(100), -- purpose: UI, retention: account lifetime
created_at TIMESTAMPTZ, -- purpose: audit, retention: 7 years
last_login_at TIMESTAMPTZ -- purpose: security, retention: 90 days
);
-- Add retention policy (PostgreSQL example)
-- Schedule job to anonymize/delete last_login_at after 90 days
```
### API — Return Only Needed Fields
```python
# BAD: Returning full user object
return jsonify(user) # May include internal fields, hashed passwords
# GOOD: Explicit allowlist
return jsonify({
"id": user.id,
"email": user.email,
"displayName": user.display_name,
})
```
---
## Common Pitfalls
| Pitfall | Solution |
|---------|----------|
| Logs contain emails, IPs, tokens | Redact PII; use hashed IDs or structured logs |
| Error messages expose data | Return generic errors to client; log details server-side |
| Third-party SDKs load before consent | Load analytics/ads only after consent; use consent management |
| No deletion flow | Design account deletion + data purge from day one |
| Backups keep data forever | Include backups in retention; encrypt backups |
| Cookies without consent | Use consent banner; respect Do Not Track where applicable |
---
## Third-Party Audit
Before adding a dependency that touches user data:
- [ ] What data does it collect or receive?
- [ ] Where does it send data (servers, countries)?
- [ ] Is it loaded before or after user consent?
- [ ] Can we disable it if user opts out?
- [ ] Does their privacy policy align with ours?
---
## Implementation Checklist
When building a feature that touches user data:
- [ ] Is this data necessary? Can we achieve the goal with less?
- [ ] Do we have explicit consent for this use?
- [ ] Is it encrypted (at rest and in transit)?
- [ ] Do we have a retention/deletion policy?
- [ ] Can the user export or delete their data?
- [ ] Are third-party services disclosed and consented?
- [ ] Are logs free of PII?
- [ ] Are backups included in retention policy?
---
## Best Practices
- ✅ Ask "do we need this?" for every new data field
- ✅ Design deletion and export flows from day one
- ✅ Use hashing or tokenization for sensitive identifiers when possible
- ✅ Document purpose and retention in schema or metadata
- ❌ Don't log passwords, tokens, or PII in plain text
- ❌ Don't share data with third parties without explicit consent
- ❌ Don't assume "we'll add privacy later"—it rarely happens
- ❌ Don't expose stack traces or internal errors to clients
---
## When to Use
This skill is applicable when building software that collects, stores, or processes personal data. Apply it proactively during design and implementation.

10
skills_index.json
View File

@@ -9049,6 +9049,16 @@
"source": "community",
"date_added": "2026-02-27"
},
{
"id": "privacy-by-design",
"path": "skills/privacy-by-design",
"category": "uncategorized",
"name": "privacy-by-design",
"description": "Use when building apps that collect user data. Ensures privacy protections are built in from the start\u2014data minimization, consent, encryption.",
"risk": "safe",
"source": "community",
"date_added": "2026-02-23"
},
{
"id": "privilege-escalation-methods",
"path": "skills/privilege-escalation-methods",