Improve AI data privacy transfer residency gates #2903

Closed
vumgg wants to merge 1 commit into UnitOneAI:main from vumgg:resubmit/ai-data-privacy-transfer-evidence

Conversation

@vumgg vumgg commented Jun 26, 2026

What This PR Does

Resubmits #2159 after the contribution queue reset, with real-use evidence added in this PR body.

This improves skills/ai-security/ai-data-privacy by adding an explicit gate for cross-border transfer, data residency, provider retention, and subprocessor evidence. The current skill covers privacy controls, redaction, retention, and governance, but does not force reviewers to prove where AI data is processed or whether the legal/contractual transfer basis is available.

Changes:

  • adds Step 4: Cross-Border Transfer, Data Residency, and Subprocessor Review
  • adds concrete findings for unpinned regions, missing SCC/TIA/DPA/BAA evidence, unknown provider retention, and undocumented subprocessors
  • extends the output matrix with transfer/residency/subprocessor status
  • adds pitfalls and framework references for GDPR, HIPAA, NIST AI RMF, and OWASP LLM02
  • adds vulnerable and benign fixtures for region-pinned versus globally routed AI data paths
  • bumps the skill version to 1.0.1

Framework References

  • GDPR Articles 28, 44, 46, and 49
  • HIPAA 45 CFR 164.502(e) and 164.504(e)
  • NIST AI RMF 1.0: MAP 2.3, MAP 3.4, GOVERN 1.5
  • OWASP LLM02:2025 Sensitive Information Disclosure

Testing

Checklist:

  • Skill follows the format specification in CONTRIBUTING.md
  • At least one real framework is cited with correct control IDs
  • Framework references were checked against primary sources while preparing the original PR
  • Prompt Injection Safety Notice section is present
  • injection-hardened: true is set in frontmatter
  • allowed-tools is scoped to Read, Grep, Glob
  • Tested with OpenAI Codex against a real public repository
  • No prohibited offensive patterns added
  • index.yaml not applicable because this improves an existing skill

Validation commands run locally:

  • git diff --check HEAD~1..HEAD
  • marker check for the new transfer/residency/subprocessor section and output field
  • fixture structure check for both new YAML fixtures
  • prompt-injection keyword scan over the changed skill content

Real-use evidence:

  • Agent used: OpenAI Codex
  • Target repository: sakibmukter95/openai-chatbot-nextjs
  • Target URL: https://github.com/sakibmukter95/openai-chatbot-nextjs
  • Scope reviewed:
    • README.md
    • src/app/api/chat/route.ts
    • src/components/Chat.tsx
    • package dependencies and environment-variable documentation

Findings produced by the improved skill:

  • src/app/api/chat/route.ts forwards the complete messages payload to OpenAI Chat Completions using gpt-3.5-turbo.
  • The repository documents OPENAI_API_KEY, Clerk, Stripe, and MongoDB setup, but the reviewed files do not document an AI data map for prompts, completions, embeddings, logs, or support access.
  • No region-pinned OpenAI/Azure OpenAI deployment, residency requirement, approved transfer basis, DPA/SCC/TIA reference, BAA requirement, subprocessor review date, or provider-retention evidence was found in the reviewed files.
  • The finding would be reported as Transfer/residency evidence gap, severity High by default, because user chat prompts are sent to an external AI provider without evidence of region/residency/subprocessor controls. It would become Critical if the application handles PHI or regulated special-category data without a BAA or equivalent contractual safeguard.

Why the new gate matters:

  • Before this PR, the skill could credit local privacy controls while missing that AI prompts still leave the expected jurisdiction or tenant boundary.
  • The new fixtures show the intended distinction: globally routed personal data with missing transfer evidence should trigger, while a pinned regional deployment with DPA/SCC/TIA/subprocessor evidence should not.

Bounty request:

  • Category: Improver
  • Suggested tier: Moderate, USD 100 if accepted
  • Preferred payment method: PayPal
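The gate logic the PR body describes, worked through as an added example (this is not code from the PR or from the SecuritySkills repository, and the fixture keys are a hypothetical schema chosen for the example, not the skill's own YAML fixture format). It embeds three constructed fixtures: a globally routed personal-data path with no transfer evidence, a pinned regional deployment with DPA/SCC/TIA/subprocessor evidence, and a regulated-data path without a BAA. `validate_fixture` is the kind of structure check the PR lists under validation, and `evaluate_transfer_gate` applies the stated severity rule: High by default when evidence is missing, Critical when PHI or special-category data lacks a BAA or equivalent safeguard, and no finding when the pinned path carries the evidence.

```python
from dataclasses import dataclass, field
from typing import Optional

# Keys every fixture must carry before the gate can reach a decision.
# Hypothetical schema for this example, not the skill's fixture format.
REQUIRED_KEYS = (
    "name", "data_categories", "residency_requirement", "provider_region",
    "transfer_basis", "dpa", "baa", "subprocessor_review_date",
    "provider_retention_days",
)
# Data categories that require a BAA or equivalent contractual safeguard.
REGULATED = {"phi", "special-category"}

# Constructed fixtures (not the PR's own YAML files).
GLOBAL_ROUTED = {
    "name": "vulnerable-global-chat-path",
    "data_categories": ["personal"],
    "residency_requirement": "EU",
    "provider_region": None,            # default global endpoint, not pinned
    "transfer_basis": [],               # no SCC/TIA documented
    "dpa": False,
    "baa": False,
    "subprocessor_review_date": None,
    "provider_retention_days": None,    # provider retention unknown
}
PINNED_REGIONAL = {
    "name": "benign-pinned-regional-path",
    "data_categories": ["personal"],
    "residency_requirement": "EU",
    "provider_region": "eu-west-1",
    "transfer_basis": ["SCC", "TIA-2026-01"],
    "dpa": True,
    "baa": False,                       # not needed: no regulated categories
    "subprocessor_review_date": "2026-05-15",
    "provider_retention_days": 30,
}
PHI_NO_BAA = {**PINNED_REGIONAL, "name": "regulated-path-no-baa",
              "data_categories": ["phi"]}


def validate_fixture(fixture: dict) -> list:
    """Structure check: names of required keys the fixture does not carry."""
    return [k for k in REQUIRED_KEYS if k not in fixture]


@dataclass
class Finding:
    title: str
    severity: str
    gaps: list = field(default_factory=list)


def evaluate_transfer_gate(fixture: dict) -> Optional[Finding]:
    """Return a finding when transfer/residency evidence is missing, else None."""
    missing = validate_fixture(fixture)
    if missing:
        raise ValueError(f"fixture {fixture.get('name')!r} lacks keys: {missing}")

    gaps = []
    region, residency = fixture["provider_region"], fixture["residency_requirement"]
    if region is None:
        gaps.append("provider region not pinned; requests may be routed globally")
    elif residency and not region.lower().startswith(residency.lower()):
        # Simple prefix heuristic (eu-west-1 satisfies "EU"); a real gate
        # would map provider regions to jurisdictions explicitly.
        gaps.append(f"region {region} is outside residency requirement {residency}")
    if not fixture["transfer_basis"]:
        gaps.append("no approved transfer basis (SCC/TIA) documented")
    if not fixture["dpa"]:
        gaps.append("no DPA reference")
    if fixture["subprocessor_review_date"] is None:
        gaps.append("subprocessor list has no review date")
    if fixture["provider_retention_days"] is None:
        gaps.append("provider retention period unknown")

    regulated = bool(REGULATED & {c.lower() for c in fixture["data_categories"]})
    baa_gap = regulated and not fixture["baa"]
    if baa_gap:
        gaps.append("regulated data handled without a BAA or equivalent safeguard")

    if not gaps:
        return None
    return Finding("Transfer/residency evidence gap",
                   "Critical" if baa_gap else "High", gaps)


def report(fixtures) -> dict:
    """Map fixture name to severity ('pass' when the gate does not trigger)."""
    out = {}
    for fx in fixtures:
        finding = evaluate_transfer_gate(fx)
        out[fx["name"]] = finding.severity if finding else "pass"
    return out


if __name__ == "__main__":
    for fx in (GLOBAL_ROUTED, PINNED_REGIONAL, PHI_NO_BAA):
        finding = evaluate_transfer_gate(fx)
        print(fx["name"], "->", "pass" if finding is None else finding.severity)
        for gap in (finding.gaps if finding else []):
            print("   -", gap)
```

Running the module prints `High` with five evidence gaps for the globally routed path, `pass` for the pinned regional path, and `Critical` for the regulated path, which is the distinction the PR says its two fixtures are meant to exercise.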

@vumgg vumgg requested a review from kamalsrini as a code owner June 26, 2026 05:07
@github-actions github-actions Bot added the needs-approved-issue PR has no linked maintainer-approved issue label Jun 26, 2026
@github-actions

Thanks for the submission! 🙏 SecuritySkills is now issue-first: contributions need a linked issue that a maintainer has marked approved before a PR is opened.

Please open an issue describing the skill, wait for the approved label, then reopen this PR with Closes #<issue> in the description. The PR template lists everything we'll look for (including an independently runnable reproduction).
