[New Skill]: Output Sanitizer & PII Masking #25

@rosspeili

Skill Name

security/pii_sanitizer

What should this skill do?

The Problem: Enterprise adoption of autonomous agents is heavily blocked by data privacy concerns. Agents equipped with RAG can accidentally hallucinate or leak internal emails, API keys, or sensitive financial data into their final payload outputs.
The Solution: A deterministic "Guardrail" skill that automatically scans the final LLM output string before it is returned to the user or committed to a database. It utilizes Differential Privacy logic and Regex heuristics to mask sensitive information.

Documentation Requirement:
When submitting a Pull Request for this skill, the contributor must provide:

  1. A reference card at docs/skills/pii_sanitizer.md detailing exactly which Regex heuristics are enabled by default (e.g., SSN, AWS Keys, Credit Cards).
  2. Updates to docs/skills/README.md introducing the new security category.
  3. Example usage in examples/ demonstrating how to wrap an agent's standard chat.send_message output in this sanitizer function.

Ideal Inputs & Outputs

Input:
{
  "raw_llm_response": "The backup is located at s3://my-bucket/ using key AKIAIOSFODNN7EXAMPLE. Please email john.doe@arpacorp.net for access.",
  "strict_mode": true
}

Output:
{
  "sanitized_response": "The backup is located at s3://[MASKED]/ using key [REDACTED_AWS_KEY]. Please email [REDACTED_EMAIL] for access.",
  "flags_triggered": ["AWS_ACCESS_KEY", "INTERNAL_EMAIL", "S3_BUCKET"]
}

Targeted Models (if applicable)

Model Agnostic (All)
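
A sketch of the regex half of the requested guardrail, added here as an example and not code from the project or the issue author. The function name `sanitize`, the rule set, and the meaning given to `strict_mode` (mask card-like digit runs even when the Luhn check fails) are assumptions; the Differential Privacy logic mentioned in the request is not implemented.

```python
import re

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, used to cut false positives on long digit runs."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

# (flag, pattern, replacement, optional validator). Illustrative rule set,
# not the project's defaults; flag names follow the issue's sample output.
RULES = [
    ("S3_BUCKET", re.compile(r"s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]"),
     "s3://[MASKED]", None),
    ("AWS_ACCESS_KEY", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
     "[REDACTED_AWS_KEY]", None),
    ("INTERNAL_EMAIL", re.compile(r"\b[\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
     "[REDACTED_EMAIL]", None),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED_SSN]", None),
    ("CREDIT_CARD", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
     "[REDACTED_CARD]", luhn_ok),
]

def sanitize(raw_llm_response: str, strict_mode: bool = False) -> dict:
    """Mask every rule hit and report which rules fired."""
    text, flags = raw_llm_response, set()
    for flag, pattern, replacement, validator in RULES:
        def mask(m, flag=flag, replacement=replacement, validator=validator):
            # Assumed semantics: outside strict mode, a candidate that fails
            # its validator is left alone; strict mode fails closed.
            if validator and not strict_mode and not validator(m.group(0)):
                return m.group(0)
            flags.add(flag)
            return replacement
        text = pattern.sub(mask, text)
    return {"sanitized_response": text, "flags_triggered": sorted(flags)}

# Sample input taken from the issue's "Ideal Inputs & Outputs" section.
SAMPLE = ("The backup is located at s3://my-bucket/ using key "
          "AKIAIOSFODNN7EXAMPLE. Please email john.doe@arpacorp.net for access.")

if __name__ == "__main__":
    print(sanitize(SAMPLE, strict_mode=True))
```

Regex rules only catch secrets with a recognisable shape; free-form values such as passwords or internal hostnames pass through unless a rule is written for them.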

Labels: enhancement (New feature or request), skill request (Request for a new capability to be added.)
