A

ciso-review is a CISO-style Security Audit prompt for plans involving customer data, compliance, vendors, trust boundaries, or production access. It uses six forcing questions—threat model, blast radius, detection, response, regulatory exposure, and ship/no-ship risk—to turn a plan into blockers, mitigations, and launch guidance.

Stars22.1k
Favorites0
Comments0
AddedJul 11, 2026
CategorySecurity Audit
Install Command
npx skills add alirezarezvani/claude-skills --skill ciso-review
Curation Score

This skill scores 72/100, which means it is acceptable for directory listing but best suited for users who want a lightweight security review checklist rather than a complete CISO review system. The repository evidence shows a valid, focused SKILL.md with a clear command, trigger situations, and substantive forcing questions, but it lacks supporting materials, examples, and install guidance that would make adoption more confident.

72/100
Strengths
  • Clear trigger and invocation: `/cs:ciso-review <plan>` for plans involving customer data, compliance, production access, audits, incidents, or trust-boundary changes.
  • Provides a concise CISO review frame around six forcing questions, including STRIDE threat modeling, blast radius, detection, incident response, and regulatory concerns.
  • Gives agents more leverage than a generic prompt by naming specific security concepts such as PII/PHI/cardholder data, FAIR-based ALE, MTTD, alerts, on-call ownership, and tabletop-tested runbooks.
Cautions
  • No support files, references, examples, or install instructions are present, so users must rely entirely on the SKILL.md content.
  • Operational guidance appears question-driven rather than a full review workflow with templates, scoring criteria, or concrete deliverable examples.
Overview

Overview of ciso-review skill

What ciso-review does

The ciso-review skill is a security executive review prompt for plans that touch customer data, compliance scope, vendors, production access, or trust boundaries. It frames the review around six CISO-style forcing questions: threat model, blast radius, detection, incident response, regulatory exposure, and ship/no-ship risk.

Use it when you need a skeptical Security Audit lens before a production change, vendor decision, audit milestone, or post-incident corrective plan. The value is not “general security advice”; it is a structured interrogation that pushes an AI assistant to identify what could go wrong, how bad it gets, whether you can detect it, and what must be fixed before launch.

Best-fit users and decisions

The ciso-review skill fits engineering leads, founders, security managers, compliance owners, and platform teams who need a fast pre-flight review without turning every decision into a full formal assessment. It is especially useful before deploying systems involving PII, PHI, payment data, authentication, authorization, logging, third-party integrations, or privileged access.

It is less suited for deep exploit research, source-code vulnerability scanning, or replacing a qualified security assessor. Treat it as a decision-quality tool: it helps you expose risk, sharpen questions, and prepare for a real Security Audit conversation.

Why it is different from a generic prompt

A generic “review this for security” prompt often produces broad checklists. The ciso-review skill narrows the assistant into a CISO forcing-function: STRIDE threat modeling, worst-case blast radius, FAIR-style loss thinking, detection readiness, incident response readiness, and compliance impact.

That structure matters because adoption blockers are usually not “we forgot security exists”; they are vague ownership, unquantified exposure, missing detection, untested response plans, and unclear launch criteria.

How to Use ciso-review skill

ciso-review install and repository path

To install from the GitHub skill repository, use the directory’s standard skill install flow, for example:

npx skills add alirezarezvani/claude-skills --skill ciso-review

The skill lives at:

c-level-advisor/c-level-agents/skills/ciso-review/SKILL.md

There are no extra scripts, reference folders, or companion rule files shown in the repository evidence, so read SKILL.md first. The implementation is compact: the main asset is the command pattern /cs:ciso-review <plan> and the six-question review workflow.

Inputs the skill needs

For strong ciso-review usage, do not pass a one-line idea. Provide the plan, architecture, data involved, users affected, vendors, access paths, controls, monitoring, compliance context, and launch timeline.

Weak prompt:

/cs:ciso-review We are adding a new analytics vendor.

Stronger prompt:

/cs:ciso-review Review our plan to send product usage events to Vendor X. Data includes user_id, email, workspace_id, IP address, feature events, and timestamps. Vendor receives data via server-side API from production. SOC 2 scope applies; GDPR users are included. We currently have a DPA draft, SSO for vendor admin access, no field-level tokenization, logs in Datadog, and no specific detection rule for abnormal export volume. Launch target is next Friday. Identify top risks, required blockers, detection gaps, and a ship/no-ship recommendation.

The stronger version improves output because it gives the assistant enough context to assess blast radius, detection, regulatory exposure, and response readiness instead of inventing assumptions.

Practical workflow for Security Audit prep

Use the ciso-review skill before security sign-off, not after implementation is frozen. A useful workflow is:

  1. Draft the change plan in plain English.
  2. Add a data inventory: data types, sensitivity, residency, retention, and affected user count.
  3. Add trust boundaries: internal services, vendors, admins, customers, CI/CD, and production access.
  4. Run /cs:ciso-review <plan>.
  5. Convert findings into blockers, mitigations, owners, and due dates.
  6. Re-run the skill after changes to verify whether the residual risk is acceptable.

For audit readiness, ask the assistant to separate “evidence we have” from “evidence we still need.” That makes the output more useful for SOC 2, ISO 27001, HIPAA, GDPR, or vendor-security review packets.

Tips that improve the output

Ask for a ranked risk table instead of a narrative if you need execution clarity. Include likelihood, impact, affected assets, current controls, missing controls, owner, and recommended decision.

Good add-ons include:

  • “Use STRIDE and call out the top 3 risks by likelihood × impact.”
  • “Estimate worst-case exposure in users, records, systems, and business impact.”
  • “Identify detection rules, alert owners, and MTTD assumptions.”
  • “State what must be true before ship.”
  • “Separate blockers from follow-up hardening.”

ciso-review skill FAQ

Is ciso-review only for CISOs?

No. The ciso-review skill is useful for anyone who must make or prepare a security-sensitive decision. It gives non-CISO teams a structured way to ask the questions a security executive would ask, while still leaving final approval to your security, legal, compliance, or risk owners.

Can ciso-review replace a formal Security Audit?

No. ciso-review for Security Audit preparation is best used as a pre-review and gap-finding tool. It can help organize risks, evidence, and launch blockers, but it does not perform penetration testing, code analysis, legal review, or formal certification work.

When should I not use ciso-review?

Do not use it as the only review for high-risk regulated systems, cryptographic design, incident containment, legal breach determination, or production emergency response. Also avoid using it when you cannot provide enough context about data, access, architecture, and controls; the output will become assumption-heavy.

What makes a plan ready for review?

A plan is ready when it answers: what is changing, what data is involved, who can access it, where it flows, what could fail, what monitoring exists, who responds, what regulations apply, and what deadline or business pressure exists. If those facts are missing, start by asking the assistant to help you gather the missing review inputs.

How to Improve ciso-review skill

Improve ciso-review results with sharper context

The fastest way to improve ciso-review output is to make implicit risk explicit. Include diagrams or concise architecture notes, authentication and authorization model, admin roles, vendor access, encryption boundaries, retention periods, logging coverage, and rollback options.

A high-quality input should say not only “we use logs,” but which logs, where they go, which alert fires, who receives it, and what the expected detection time is. The skill’s detection question is designed to expose the gap between observability and actionable detection.

Common failure modes to watch

The main failure mode is accepting a plausible but generic answer. Push back when the output lacks quantified blast radius, named assets, concrete detection signals, or ship/no-ship criteria.

Another common issue is treating compliance as a label instead of a control requirement. If GDPR, HIPAA, SOC 2, ISO 27001, or PCI relevance is mentioned, ask what evidence, policy, control, or contractual artifact is needed.

Iterate after the first review

After the first ciso-review pass, ask for a second pass focused only on unresolved blockers. For example:

Re-review the plan assuming we added vendor SSO, IP allowlisting, a Datadog alert for export spikes, and an incident runbook. What residual risks remain, and what would still block launch?

This turns the skill from a one-time critique into a practical risk reduction loop. The best final output is a short decision memo: approved, approved with conditions, or blocked, with evidence and owners attached.

Ratings & Reviews

No ratings yet
Share your review
Sign in to leave a rating and comment for this skill.
G
0/10000
Latest reviews
Saving...