Agent skill
auditing-compliance
Audits codebases against IT security, privacy, and compliance frameworks including LAUSD (NIST CSF 2.0), NJ K-12 (NJDPL), and AICPA SOC 2. Use when reviewing code, infrastructure (IaC), CI/CD pipelines, or schemas for school district compliance, data privacy, AI safety, or SOC 2 Trust Services Criteria. Supports individual or combined framework audits.
Install this agent skill to your Project
npx add-skill https://github.com/Beerspitnight/cc-skills/tree/main/plugins/auditing-compliance
SKILL.md
Compliance & Security Auditor
This skill performs automated compliance audits on codebases using CLI tools (rg, find) to comprehensively scan for security, privacy, and architectural patterns.
Step-by-Step Guidance
- Determine the Audit Scope: Ask the user which framework(s) they want to audit against:
  - LAUSD (California K-12)
  - NJDPL (New Jersey K-12)
  - AICPA SOC 2 (Common Criteria)
  - Combined (All applicable frameworks simultaneously)
- Review Technical Signals: Read ./technical-signals.md for the exact rg commands and code heuristics needed to identify passing/failing code across all frameworks.
- Execute the Audit(s):
  - For LAUSD: Read ./lausd-audit-instructions.md and ./lausd-security-manual.md
  - For NJDPL: Read ./nj-audit-instructions.md
  - For SOC 2: Read ./soc2-audit-instructions.md
  - For Combined: Execute all selected instruction sets sequentially.
- Generate the Report: Generate the final output using the corresponding markdown template from the ./templates/ directory. If performing a Combined Audit, use ./templates/combined-audit-report.md.
General Audit Principles
- Use CLI Tools Heavily: Rely on rg and find rather than reading files line-by-line.
- Be Highly Specific: Always quote the exact file name, line of code, and the specific policy/framework requirement it violates.