Compliance Review

skill-comply is a compliance-testing skill that checks whether an agent follows a skill, rule, or agent definition in real runs. It generates specs from markdown, runs three prompt strictness levels, classifies tool-call timelines, and reports compliance rates with evidence. Useful for skill-comply for Compliance Review.

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

quality-nonconformance is a regulated-manufacturing skill for NCR intake, root cause analysis, CAPA, SPC interpretation, and final disposition. Use it for Compliance Review, supplier quality issues, and evidence-based decisions where traceability, risk, and audit-ready judgment matter.

perl-security helps you review Perl code for safer input handling, taint mode, shell execution, DBI placeholders, and web security issues like XSS, SQLi, and CSRF. Use this perl-security skill for Security Audit work, remediation planning, and secure development when user-controlled data reaches sensitive sinks.

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

hipaa-compliance is the HIPAA-specific entrypoint for healthcare privacy and security work. Use the hipaa-compliance skill when a task is explicitly about PHI, covered entities, BAAs, breach posture, or whether a workflow creates HIPAA exposure. It is a thin overlay for fast compliance triage and guidance.

healthcare-phi-compliance helps review healthcare apps for PHI/PII risk across data models, APIs, logs, and access paths. Use it to check data classification, access control, encryption, audit trails, and common leak vectors for HIPAA, DISHA, GDPR, and related security audit needs.

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

customs-trade-compliance is a trade compliance skill for customs documentation, HS/HTS classification, duty planning, restricted party screening, and Compliance Review. It helps users turn shipment facts into defensible import/export decisions with less guesswork than a generic prompt.

cso is a Chief Security Officer–style security audit skill for agents. It helps review codebases and workflows for secrets exposure, dependency and supply-chain risk, CI/CD security, and LLM/AI security using OWASP Top 10 and STRIDE. Use cso for structured Security Audit reviews with confidence gates, active verification, and trend tracking.

The accessibility-compliance skill helps teams audit and improve web or mobile UI with practical WCAG 2.2, ARIA, keyboard access, screen reader, and mobile accessibility guidance. Best for UX audits, component fixes, and implementation-ready recommendations.

security-requirement-extraction turns threat models and business context into testable security requirements, user stories, acceptance criteria, and backlog-ready outputs for Requirements Planning.

Use the pci-compliance skill to guide PCI DSS architecture reviews, scope reduction, gap analysis, and payment data handling decisions. Best for teams designing payment flows, preparing for assessments, or reviewing controls before a compliance review.

k8s-security-policies helps teams draft Kubernetes NetworkPolicy, Pod Security Standards labels, and RBAC patterns using repo-backed templates and references for hardening and audit-ready rollout planning.

The gdpr-data-handling skill helps teams turn GDPR requirements into practical review guidance for consent, lawful basis, data subject rights, retention, and privacy-by-design decisions.

wcag-audit-patterns is a structured WCAG 2.2 audit skill for accessibility reviews. Use it to combine automated findings with manual checks, prioritize issues by severity and conformance level, and generate actionable remediation guidance for pages, flows, and components.

agent-governance is a documentation-first skill for designing AI agent guardrails, policy checks, trust rules, tool restrictions, and audit logging for tool-using and multi-agent systems.

gws-modelarmor helps you work with Google Model Armor in the googleworkspace/cli ecosystem. Use it to sanitize prompts, sanitize model responses, and create templates with less guesswork than a generic prompt. It is designed for repeatable, policy-aware usage and Security Audit workflows.

The security-and-hardening skill helps harden application code before release. Use it for user input, auth, sessions, sensitive data, file uploads, webhooks, and external services, with concrete checks like input validation, parameterized queries, output encoding, secure cookies, HTTPS, and secrets handling.

The privacy-policy skill helps draft a first-pass privacy policy for a product or service, with clear data-collection details, jurisdiction scope, and legal review flags. Use it when launching a site, app, or SaaS, updating documentation, or preparing a privacy-policy for Legal review.

detecting-misconfigured-azure-storage is a security-audit skill for reviewing Azure Storage accounts for public blob access, weak encryption, open network rules, unsafe SAS usage, and missing logging. It is useful for repeatable cloud security checks across subscriptions with Azure CLI-backed guidance.

The configuring-hsm-for-key-storage skill explains HSM-backed key storage with PKCS#11, SoftHSM2, and production HSM options. Use this guide for install, usage, key attributes, token setup, signing, encryption, and Security Audit evidence.

The configuring-active-directory-tiered-model skill helps design and audit Microsoft ESAE-style Active Directory tier separation. Use this configuring-active-directory-tiered-model guide to review Tier 0/1/2 access, PAWs, admin boundaries, credential exposure, and security-audit findings with clearer implementation context.

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.