Agent skill
compliance-evidence-collector
Automated evidence collection across compliance frameworks from cloud providers, identity systems, and security tools
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/compliance-evidence-collector
Compliance Evidence Collector Skill
Purpose
Automate compliance evidence collection across multiple frameworks by gathering configuration snapshots, access control evidence, logs, policies, and documentation from cloud providers, identity systems, and security tools.
Capabilities
Cloud Configuration Evidence
- Capture AWS, Azure, GCP configuration snapshots
- Document IAM policies and role configurations
- Export security group and network ACL settings
- Collect encryption settings and key management evidence
- Screenshot cloud console configurations
- Archive CloudTrail, Activity Logs, Audit Logs
Access Control Evidence
- Export user and group listings
- Document role-based access control configurations
- Capture privileged access reviews
- Collect authentication policy evidence
- Document MFA enrollment status
- Archive access provisioning/deprovisioning records
Log Collection and Verification
- Collect security event logs
- Verify log retention compliance
- Document log integrity mechanisms
- Export SIEM correlation rules
- Capture alerting configurations
- Archive incident response logs
Policy Document Management
- Version control policy documents
- Track policy review and approval dates
- Document policy acknowledgments
- Archive superseded policies
- Generate policy compliance matrices
Screenshot Automation
- Automate evidence screenshots for manual controls
- Capture UI-based configuration evidence
- Document workflow approvals
- Screenshot training completion records
Evidence Chain of Custody
- Maintain evidence metadata and timestamps
- Track evidence collection dates
- Document evidence sources
- Generate evidence inventories
- Create audit-ready packages
Evidence Categories
Technical Evidence
- System configurations
- Security tool outputs
- Vulnerability scan results
- Penetration test reports
- Code analysis results
Administrative Evidence
- Policies and procedures
- Training records
- Risk assessments
- Incident reports
- Change management records
Physical Evidence
- Facility access logs
- Visitor records
- Asset inventories
- Environmental controls documentation
Framework Mapping
| Framework | Evidence Types |
|---|---|
| SOC 2 | Technical, Administrative, Screenshots |
| GDPR | Data processing, Consent, Privacy |
| HIPAA | ePHI, Safeguards, BAAs |
| PCI DSS | CDE, Network, ASV scans |
| ISO 27001 | ISMS, Controls, Risk |
| NIST | Security controls, Risk management |
| FedRAMP | Cloud security, Continuous monitoring |
Integrations
- AWS: Config, CloudTrail, IAM, Security Hub
- Azure: Policy, Activity Log, Azure AD, Defender
- GCP: Cloud Asset Inventory, Audit Logs, IAM
- Identity Providers: Okta, Azure AD, Google Workspace
- SIEM Systems: Splunk, Elastic, Sentinel, Chronicle
- Security Tools: Various vulnerability scanners, EDR
Target Processes
- All compliance audit processes
- Continuous compliance monitoring
- Audit preparation
- Control validation
Input Schema
{
  "type": "object",
  "properties": {
    "frameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["SOC2", "GDPR", "HIPAA", "PCI-DSS", "ISO27001", "NIST", "FedRAMP"]
      },
      "description": "Target compliance frameworks"
    },
    "evidenceTypes": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["cloud-config", "access-control", "logs", "policies", "screenshots", "network", "encryption"]
      }
    },
    "cloudProviders": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["AWS", "Azure", "GCP"]
      }
    },
    "dateRange": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string", "format": "date" },
        "endDate": { "type": "string", "format": "date" }
      }
    },
    "controlIds": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Specific control IDs to collect evidence for"
    },
    "outputPath": {
      "type": "string",
      "description": "Base path for evidence storage"
    }
  },
  "required": ["frameworks", "evidenceTypes"]
}
Output Schema
{
  "type": "object",
  "properties": {
    "collectionId": {
      "type": "string"
    },
    "collectionDate": {
      "type": "string",
      "format": "date-time"
    },
    "frameworks": {
      "type": "array"
    },
    "evidenceSummary": {
      "type": "object",
      "properties": {
        "totalItems": { "type": "integer" },
        "collected": { "type": "integer" },
        "failed": { "type": "integer" },
        "pending": { "type": "integer" }
      }
    },
    "evidenceInventory": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "evidenceId": { "type": "string" },
          "controlId": { "type": "string" },
          "type": { "type": "string" },
          "source": { "type": "string" },
          "collectionTimestamp": { "type": "string" },
          "filePath": { "type": "string" },
          "hash": { "type": "string" },
          "status": { "type": "string" }
        }
      }
    },
    "chainOfCustody": {
      "type": "object",
      "properties": {
        "collector": { "type": "string" },
        "collectionMethod": { "type": "string" },
        "integrityVerification": { "type": "string" }
      }
    },
    "gaps": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "controlId": { "type": "string" },
          "missingEvidence": { "type": "string" },
          "reason": { "type": "string" }
        }
      }
    },
    "auditPackage": {
      "type": "object",
      "properties": {
        "basePath": { "type": "string" },
        "indexFile": { "type": "string" },
        "totalSize": { "type": "string" }
      }
    }
  }
}
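An added example, not part of the skill's own code: one way to populate the `evidenceInventory` and `gaps` fields of the output schema above and to re-check the recorded hashes before handing a package to an auditor. SHA-256 with a `sha256:` prefix, the `EV-NNNN` ID format, the `collected` status value, the control IDs and the file contents are assumptions or constructed sample data.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with path.open("rb") as fh:  # stream so large log archives are never fully in memory
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_inventory(base, expected):
    """expected maps controlId -> (type, source, path relative to base)."""
    inventory, gaps = [], []
    for n, (cid, (ev_type, source, rel)) in enumerate(sorted(expected.items()), 1):
        path = base / rel
        if not path.is_file():  # record the gap instead of silently skipping it
            gaps.append({"controlId": cid, "missingEvidence": rel,
                         "reason": "file not present at collection time"})
            continue
        inventory.append({
            "evidenceId": f"EV-{n:04d}",  # assumed ID format
            "controlId": cid, "type": ev_type, "source": source,
            "collectionTimestamp": datetime.now(timezone.utc).isoformat(),
            "filePath": rel, "hash": "sha256:" + sha256_file(path),
            "status": "collected",  # assumed status value
        })
    return {"evidenceInventory": inventory, "gaps": gaps}

def verify_inventory(base, manifest):
    """Return evidenceIds whose file is missing or no longer matches its hash."""
    def intact(item):
        path = base / item["filePath"]
        return path.is_file() and item["hash"] == "sha256:" + sha256_file(path)
    return [i["evidenceId"] for i in manifest["evidenceInventory"] if not intact(i)]

def demo():  # constructed sample: two evidence files present, one control with none
    expected = {"CTRL-A": ("cloud-config", "AWS IAM", "iam-policies.json"),
                "CTRL-B": ("access-control", "Okta", "mfa-status.csv"),
                "CTRL-C": ("logs", "AWS CloudTrail", "cloudtrail.json.gz")}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "iam-policies.json").write_text('{"Version": "2012-10-17"}')
        (base / "mfa-status.csv").write_text("user,mfa\nalice,true\n")
        manifest = build_inventory(base, expected)
        clean = verify_inventory(base, manifest)
        (base / "mfa-status.csv").write_text("user,mfa\nalice,false\n")  # tamper
        return manifest, clean, verify_inventory(base, manifest)
```

A manifest stored next to the files it describes can be rewritten along with them, so the hashes only support chain of custody when the manifest itself is signed or kept in separate write-once storage.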
Usage Example
skill: {
  name: 'compliance-evidence-collector',
  context: {
    frameworks: ['SOC2', 'ISO27001'],
    evidenceTypes: ['cloud-config', 'access-control', 'logs'],
    cloudProviders: ['AWS', 'Azure'],
    dateRange: {
      startDate: '2024-01-01',
      endDate: '2024-12-31'
    }
  }
}