1

    AI Data Exposure and Vendor Risk Assessor — Decide What's Safe to Send to an AI Vendor Before You Send It

    Before you send proprietary or sensitive data to an AI vendor, assess the risk. Classifies what's actually your moat versus regulated, contractual, or harmless data, maps the real exposure vectors by vendor tier, lists the questions to get in writing, and gives a send / send-with-controls / keep-in-house recommendation per data type.

    Updated Jul 2026
    Security scanned
    including Claude Code

    $14

    · or 70 credits

    30-day refund guarantee

    Secure checkout via Stripe

    Included in download

    • Classify data sensitivity to determine if it belongs in a public or private LLM.
    • Evaluate vendor-specific exposure like model training and human review policies.
    • file_read, file_write automation included
    • Ready for including Claude Code
    • Instant install

    Media gallery

    See it in action

    You say

    We want to use a hosted LLM vendor's enterprise API tier to summarize our internal product roadmap and customer feedback logs. Which parts are safe to send, which need controls, and what should we get in writing from the vendor first?

    Your agent does

    ### Assessment Summary **Data Classification:** - Product Roadmap: Proprietary moat (high sensitivity; value depends on exclusivity). - Customer Feedback Logs: Regulated / contractual (likely contains PII). **Exposure Vectors to Verify for This Tier (do not assume — confirm in writing):** - Training on inputs: is your data excluded from model training on this tier? - Retention: how long are inputs/outputs stored, and is a zero-retention option available? - Human review: is there human review for safety/abuse monitoring, and can it be scoped or opted out of? - Sub-processors and jurisdiction: who else processes the data, and in which regions? - Output memorization: any risk of your content surfacing in other users' outputs? **Recommendation (per data type):** - Roadmap: Send with controls — redact unreleased project names/dates; require a written no-training commitment before sending; otherwise keep in-house. - Feedback Logs: Send with controls — scrub or pseudonymize PII and minimize fields; confirm the DPA covers this use. **Questions to Get in Writing from the Vendor:** - Does our contract/DPA include a no-training and zero- or limited-retention option on this tier? - Can we opt out of or scope any human review / safety logging? - Who are the sub-processors and what are the data residency options? Note: This is decision-support, not legal advice, and it does not assert what any specific vendor does with your data — tier terms vary and change, so confirm the above directly with the vendor and your counsel.

    About This Skill

    Sending data to an AI vendor is now a routine decision made with almost no structure, and the anxiety is real: is the proprietary corpus that is our moat about to train a competitor's model, is customer data leaving our control, what does this vendor actually retain? The honest answer is usually nuanced — some data is completely fine to send to an enterprise zero-retention tier, and some genuinely should never leave your environment — but teams rarely have a way to tell which is which. AI Data Exposure and Vendor Risk Assessor runs that assessment. Describe the data, the use case, and the vendor and tier, and it classifies each data element as moat, regulated, contractual, or low-sensitivity; maps the real exposure vectors for that tier — training on inputs, retention, sub-processors, output memorization, jurisdiction — and distinguishes default consumer behavior from enterprise and self-hosted terms, which are often opposite; lists the exact questions to get in writing from the vendor before anything is sent; and gives a tiered recommendation per data type: send freely, send with specific controls (redaction, minimization, a no-training agreement, region restriction), or keep in-house. It is even-handed, not anti-AI — the right answer is often that the data is fine on an enterprise no-training tier, and it says so — and it reserves the highest bar for the true moat, whose value depends on exclusivity. The download includes three reference files: the data-sensitivity worksheet, an exposure-vectors and vendor-questions guide, and a worked sample assessment. It is decision-support, not legal advice, and it does not assert what any named vendor does with your data — terms vary by tier and change, so it tells you what to verify directly. Works with Claude Code, Cursor, Codex CLI, Gemini CLI, and any SKILL.md agent.

    Use Cases

    • Classify data sensitivity to determine if it belongs in a public or private LLM.
    • Evaluate vendor-specific exposure like model training and human review policies.
    • Generate precise due diligence questions for AI vendor security reviews.
    • Establish technical controls like redaction or pseudonymization for AI workflows.

    How to install

    Drop the file into your AI tool. Works with Claude, Cursor, ChatGPT, and 20+ more.

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Read Files
    Write Files

    File Scopes

    references/**

    This skill only needs to read the inputs you provide and its own bundled reference files, and to write out the assessment. It requires Read Files and Write Files only. It does not run terminal commands, open a browser, make network connections, or read environment variables, and it connects to no external hosts — all analysis happens locally from what you describe. Terminal, Browser, Network, and Environment Variables are intentionally left off.

    Works with any agent that supports the open SKILL.md standard, including Claude Code, Cursor, Codex CLI, Gemini CLI, and VS Code Copilot. Requires an agent with local file read/write access; no network, terminal, or environment access is used. Includes SKILL.md plus three reference files (data-sensitivity-worksheet.md, exposure-vectors-and-vendor-questions.md, sample-exposure-assessment.md).

    Frequently Asked Questions

    $14