Skip to main content
Back to Insights

Open-Source Privacy Skills for Safer AI and Sensitive Data Workflows

Berrysbay Labs has published an open-source privacy skills library to help organisations and individuals reduce risks before sensitive data is uploaded, shared, logged, automated, or used with AI.

Open-Source Privacy Skills for Safer AI and Sensitive Data Workflows

Berrysbay Labs has published an open-source privacy skills library to help reduce risks before sensitive data is uploaded, shared, logged, automated, or used with AI.

The library is completely free to use. There is no registration required, and because it is open-source, you can read in plain language exactly what is inside every skill.

It is designed to sit inside real workflows, not live in a document nobody reads.

The full library is available on GitHub:

View the open-source privacy skills library on GitHub →

What the library is

At the moment, the library includes 40 privacy skills organised into four groups. We are planning to add more over time, so you can also subscribe to Berrysbay Labs updates if you want to follow new releases.

Each skill is a focused, opinionated checklist that an AI agent can run at the points where sensitive data decisions actually happen. A human can also work through each skill manually as a structured review.

The design assumption throughout is human in the loop.

The skill can structure the review and surface the right questions, but a person should still make the final judgment call rather than delegating the decision entirely to an agent.

The skills can be used as:

  • discrete steps inside agentic workflows
  • system prompt instructions for AI assistants
  • manual checklists for human review
  • lightweight governance tools for teams

No proprietary tooling is required.

For workflows handling genuinely sensitive data, we recommend running these checks against a local or on-premises AI system rather than a third-party API.

If that is a problem your team is working through, Berrysbay Labs can help with local AI setup and privacy-focused workflow design.

Who it is for

These skills are for people and teams who need practical privacy and AI governance support before sensitive data moves through a workflow.

They may be useful for:

  • developers and architects building AI-powered internal tools, RAG pipelines, or data processing workflows
  • IT and operations leads in small teams who own how sensitive data is handled day to day
  • cybersecurity professionals building or reviewing AI governance for teams moving quickly
  • managers trying to create practical guardrails for staff using AI tools
  • NSW government teams and government-adjacent organisations
  • organisations building AI systems for NSW clients
  • anyone auditing a system where personal, financial, medical, legal, student, client, or commercially sensitive data is in play
  • anyone who has just been handed a privacy, AI, or governance framework they have never seen before and needs a practical place to start

Frameworks are often written for formal assurance, not for someone opening the document for the first time. The framework assistants are designed to help people understand what a framework is asking, what information they may need, and where they should go back to the official source.

What it covers

The library currently covers four areas.

Everyday privacy — 13 skills

These skills are for anyone handling documents, photos, messages, meetings, screenshots, or AI-generated content.

They include checks for:

  • uploading documents to AI tools
  • reviewing screenshots before sharing
  • checking emails for oversharing
  • deciding whether a meeting should be recorded
  • creating safer versions of content before sharing
  • checking cloud storage links
  • reviewing AI-generated meeting notes
  • checking photos for hidden metadata
  • sanitising internal examples before turning them into public case studies

These are everyday checks for the moments where private information can easily leave the people it was meant for.

Team and governance — 13 skills

These skills are for managers, operations leads, and teams building practical AI governance.

They include checks for:

  • AI data exposure
  • sensitive document workflows
  • data flow mapping
  • safe AI use policies
  • approved AI tools registers
  • vendor data sharing
  • contractor data access
  • AI tool onboarding
  • privacy incident first response
  • data retention
  • lightweight privacy impact assessments
  • staff AI training

The goal is not to create governance theatre. The goal is to help teams make better decisions before sensitive information is copied into tools, sent to vendors, retained for too long, or used in ways nobody has properly reviewed.

Developer and architecture — 13 skills

These skills are for engineers, architects, and technical teams reviewing privacy risks in systems and software.

They include checks for:

  • application logging
  • RAG systems and document access
  • API data exposure
  • privacy by design
  • data minimisation
  • prompt injection privacy risks
  • vector databases and embeddings
  • third-party SDKs
  • observability and monitoring tools
  • OAuth scopes
  • webhook payloads and delivery

These skills are designed for the places where privacy risk often hides: logs, APIs, embeddings, integrations, permissions, monitoring tools, and automation pipelines.

Framework assistants — 1 skill

The library also includes framework assistant skills for working through formal AI, privacy, and governance frameworks.

The first framework assistant covers the NSW AI Assessment Framework.

This skill is intended for teams operating in or adjacent to NSW Government, or building AI systems for NSW clients.

It uses official NSW Government guidance and is designed to help teams work through the framework without inventing risk scores, compliance rules, or approval pathways.

The goal is to help people slow down, read the framework properly, organise their answers, and know when they need to return to the official source.

A note on scope

These skills are practical review tools.

They are not legal advice, security certification, privacy certification, or a substitute for professional legal, privacy, security, procurement, or governance review.

They are designed to help teams ask better questions earlier in the process, which is often where much of the value is.

A good privacy check does not need to be complicated to be useful. Sometimes the most important step is simply pausing before data is uploaded, shared, logged, automated, or connected to an AI system.

View the library

You can view the full open-source library on GitHub:

View the library on GitHub →

We hope you find something useful in there.

Berrysbay Labs shares these resources as a goodwill contribution for people and teams who want to use AI and cloud tools more safely.

If your team needs more than a library, such as architecture review, local AI setup, staff training, or hands-on privacy workflow design, that is what Berrysbay Labs does.

Back to Insights
Berrysbay Logo
berrysbay
labs

Practical tools and workflows for working with data in the AI era.

Berrysbay Labs Updates

Services

PricingFAQs

Company

About UsCareersInsights

Contact

ContactHome

Copyright © Berrysbay Labs  2026