Agent skill

auditing-compliance

Audits codebases against IT security, privacy, and compliance frameworks including LAUSD (NIST CSF 2.0), NJ K-12 (NJDPL), and AICPA SOC 2. Use when reviewing code, infrastructure (IaC), CI/CD pipelines, or schemas for school district compliance, data privacy, AI safety, or SOC 2 Trust Services Criteria. Supports individual or combined framework audits.

Stars 0
Forks 1

Install this agent skill to your Project

npx add-skill https://github.com/Beerspitnight/cc-skills/tree/main/plugins/auditing-compliance

SKILL.md

Compliance & Security Auditor

This skill performs automated compliance audits on codebases using CLI tools (rg, find) to comprehensively scan for security, privacy, and architectural patterns.

Step-by-Step Guidance

  1. Determine the Audit Scope: Ask the user which framework(s) they want to audit against:
    • LAUSD (California K-12)
    • NJDPL (New Jersey K-12)
    • AICPA SOC 2 (Common Criteria)
    • Combined (All applicable frameworks simultaneously)
  2. Review Technical Signals: Read ./technical-signals.md for the exact rg commands and code heuristics needed to identify passing/failing code across all frameworks.
  3. Execute the Audit(s):
    • For LAUSD: Read ./lausd-audit-instructions.md and ./lausd-security-manual.md
    • For NJDPL: Read ./nj-audit-instructions.md
    • For SOC 2: Read ./soc2-audit-instructions.md
    • For Combined: Execute all selected instruction sets sequentially.
  4. Generate the Report: Generate the final output using the corresponding markdown template from the ./templates/ directory. If performing a Combined Audit, use ./templates/combined-audit-report.md.

General Audit Principles

  • Use CLI Tools Heavily: Rely on rg and find rather than reading files line-by-line.
  • Be Highly Specific: Always quote the exact file name, line of code, and the specific policy/framework requirement it violates.

Expand your agent's capabilities with these related and highly-rated skills.

Beerspitnight/cc-skills

business-plan-advisor

Expert business planning consultant for creating comprehensive, investor-ready business plans from scratch or refining existing plans. Use when users request help creating a new business plan, updating/reviewing an existing business plan, need guidance on specific business plan sections, or require financial projection assistance. Applies to startups and established businesses across all industries seeking funding or strategic planning.

0 1
Explore
Beerspitnight/cc-skills

graphic-design

Adaptive design engine for UI/UX, Print, and Branding. Use for critiques, creating visual assets, accessibility checks (WCAG), and technical production specs.

0 1
Explore
Beerspitnight/cc-skills

viral-reel-generator

Expert scriptwriter for high-retention short-form video (TikTok, Instagram Reels, YouTube Shorts). Generates optimized scripts with engineered hooks, strict anti-AI-slop writing rules, and personality-driven delivery.

0 1
Explore
Beerspitnight/cc-skills

business-fact-checker

Specialized verification of business claims, financial metrics, valuations, and market data. Use proactively for due diligence, pitch deck reviews, and financial news analysis.

0 1
Explore
Beerspitnight/cc-skills

pitch-deck-creator-edtech

Use when user needs to create a pitch deck for EdTech startups - transforms content into visually compelling, narrative-driven presentations through collaborative refinement, wireframing, and hybrid deck generation (PowerPoint + Google Slides)

0 1
Explore
Beerspitnight/cc-skills

new-venture-analyst

Generates comprehensive venture viability reports, financial models, and GTM strategy critiques for new business ideas or products. Use when a user needs to vet an idea, analyze a business plan, or stress-test strategic assumptions.

0 1
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results