Summary

Google's official skills cover BigQuery, Gemini API, GKE and more —
but there's no skill that sanitizes PII before agent payloads reach
these services. This creates a compliance gap for GDPR, HIPAA, and
EU AI Act enforcement.

The gap

A typical agent flow today:

User input (may contain PII) → Google skill → BigQuery/Gemini/GKE

When agents process user messages, documents, or form inputs,
they frequently contain emails, phone numbers, national IDs,
private keys, and financial data — none of which should reach
external APIs.

Proposed skill

A pii-sanitization skill that agents load on demand to redact
sensitive data before passing payloads to Google Cloud services.

The skill would document:

• When to sanitize (before BigQuery queries, Gemini API calls, etc.)
• How to integrate a sanitization step in the agent pipeline
• Compliance context (GDPR Article 25, EU AI Act, HIPAA, LGPD)

Reference implementation

TrustBoost is an open-source PII sanitizer built specifically
for agentic pipelines — single POST request, no SDK, supports
EN, ES (LATAM), PT (BR/PT), DE, JA:

POST https://api.trustboost.dev/sanitize/preview
{"text": "your agent payload here"}

GitHub: https://github.com/teodorofodocrispin-cmyk/TrustBoost-PII-Sanitizer

Happy to contribute a SKILL.md draft if this direction is accepted.