ReddRadar
Agent skill
oscal-text-converter
Convert OSCAL documents between formats (JSON, YAML, XML) and to human-readable formats like Markdown or plain text. Use for document transformation, reporting, and making OSCAL data accessible to non-technical stakeholders.
Install this agent skill to your Project
npx add-skill https://github.com/euCann/OSCAL-GRC-SKILLS/tree/main/skills/oscal-text-converter
SKILL.md
OSCAL Text Converter Skill
Convert OSCAL documents between machine formats and to human-readable text for documentation, reporting, and accessibility.
When to Use This Skill
Use this skill when you need to:
- Convert between OSCAL formats (JSON ↔ YAML ↔ XML)
- Generate human-readable documentation from OSCAL
- Create Markdown reports from OSCAL data
- Export controls to spreadsheet-friendly formats
- Produce plain-text summaries
✅ Data Source Principle
This skill transforms and formats documents you provide. All content in the output comes from your source OSCAL document — no compliance data is added from training knowledge.
Supported Conversions
Format Conversions
| From | To | Notes |
|---|---|---|
| JSON | YAML | Preferred for readability |
| JSON | XML | For legacy systems |
| YAML | JSON | For processing |
| YAML | XML | Less common |
| XML | JSON | Recommended |
| XML | YAML | Less common |
Text Conversions
| From | To | Use Case |
|---|---|---|
| OSCAL | Markdown | Documentation |
| OSCAL | Plain Text | Quick review |
| OSCAL | CSV | Spreadsheets |
| OSCAL | HTML | Web publishing |
Format Conversion Process
JSON to YAML
- Parse JSON document
- Preserve all data structures
- Output as YAML with proper indentation
- Maintain OSCAL element ordering
JSON to XML
- Parse JSON document
- Map to OSCAL XML schema
- Add XML namespaces
- Preserve all attributes
XML to JSON
- Parse XML document
- Handle XML-specific elements (attributes, namespaces)
- Map to OSCAL JSON structure
- Validate output
Human-Readable Conversions
Catalog to Markdown
# NIST SP 800-53 Rev 5
**Version:** 5.1.0
**Last Modified:** 2023-12-01
**OSCAL Version:** 1.2.0
## Control Families
### Access Control (AC)
#### AC-1: Policy and Procedures
**Control Statement:**
a. Develop, document, and disseminate to [Assignment: organization-defined
personnel or roles]:
1. An access control policy that:
- Addresses purpose, scope, roles, responsibilities, management
commitment, coordination among organizational entities, and compliance
- Is consistent with applicable laws, executive orders, directives,
regulations, policies, standards, and guidelines
**Discussion:**
Access control policy and procedures address the controls in the AC family...
**Related Controls:** PM-9, PS-8, SI-12
---
#### AC-2: Account Management
**Control Statement:**
a. Define and document the types of accounts allowed...
SSP to Plain Text
SYSTEM SECURITY PLAN SUMMARY
============================
System Name: Cloud Application Platform
System ID: cloud-app-001
Authorization Status: Authorized
Authorization Date: 2024-01-15
SYSTEM DESCRIPTION
------------------
The Cloud Application Platform provides...
SECURITY CATEGORIZATION
-----------------------
Confidentiality: Moderate
Integrity: Moderate
Availability: Low
Overall: Moderate
CONTROL IMPLEMENTATION SUMMARY
------------------------------
Total Controls Required: 325
Implemented: 287 (88%)
Partially Implemented: 25 (8%)
Planned: 10 (3%)
Not Applicable: 3 (1%)
TOP GAPS
--------
1. SI-4 - Security Monitoring (Planned)
2. CA-7 - Continuous Monitoring (Partial)
3. CP-9 - System Backup (Partial)
Controls to CSV
Control ID,Title,Family,Status,Responsible Party,Implementation Summary
AC-1,Policy and Procedures,Access Control,Implemented,ISSO,Access control policy documented
AC-2,Account Management,Access Control,Implemented,IAM Admin,Azure AD manages accounts
AC-3,Access Enforcement,Access Control,Implemented,System Admin,RBAC enforced via policies
AC-4,Information Flow,Access Control,Partial,Network Admin,Firewall rules in place - DLP pending
Conversion Templates
Executive Summary Template
# Executive Summary: [System Name]
## Authorization Status
**Status:** [Authorized/In Progress]
**Date:** [Date]
**Authorizing Official:** [Name]
## Compliance Overview
- **Framework:** [NIST 800-53 / FedRAMP / etc.]
- **Baseline:** [Low/Moderate/High]
- **Compliance Rate:** [X]%
## Key Metrics
| Metric | Value |
|--------|-------|
| Total Controls | [N] |
| Implemented | [N] |
| Open POA&M Items | [N] |
| Critical Risks | [N] |
## Recommendations
1. [Recommendation 1]
2. [Recommendation 2]
Control Implementation Template
## [Control ID]: [Control Title]
**Implementation Status:** [Status]
**Responsible Role:** [Role]
### Requirement
[Control statement text]
### How We Implement This
[Implementation narrative]
### Evidence
- [Evidence item 1]
- [Evidence item 2]
### Related Controls
[List of related controls]
Extraction Options
Control Information
Extract and format:
- Control ID and title
- Statement text
- Guidance/discussion
- Parameters
- Enhancements
- Related controls
Implementation Details
Extract and format:
- Implementation status
- Implementation narrative
- Responsible parties
- Evidence references
- Parameter settings
System Information
Extract and format:
- System characteristics
- Authorization boundary
- Network diagrams (references)
- User types
- Data flows
Output Formatting Options
Markdown Options
- Headers (ATX style: #, ##, ###)
- Tables (pipe tables)
- Code blocks (for technical content)
- Lists (bulleted and numbered)
- Links and references
Plain Text Options
- ASCII borders and dividers
- Fixed-width formatting
- Indentation for hierarchy
- Simple bullet points
CSV Options
- Column headers
- Quoted strings
- Escaped commas
- Proper encoding (UTF-8)
Example Usage
When asked "Convert this OSCAL catalog to readable Markdown":
- Parse the OSCAL catalog
- Extract metadata (title, version)
- Iterate through groups (families)
- For each control:
- Format ID and title as header
- Extract and format statement
- Include guidance if present
- List enhancements
- Add table of contents
- Output complete Markdown document
When asked "Export controls to CSV for spreadsheet":
- Parse the OSCAL document
- Determine relevant fields
- Create header row
- For each control, extract:
- ID, title, family
- Status (if SSP)
- Description/summary
- Format as CSV with proper escaping
- Output for download/copy
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
euCann/OSCAL-GRC-SKILLS
oscal-control-mapper
Create and analyze OSCAL Control Mapping documents to establish formal relationships between controls across different frameworks (NIST 800-53, ISO 27001, CIS, PCI-DSS, etc.). Use this skill to document control equivalencies, gaps, and harmonization for multi-framework compliance.
euCann/OSCAL-GRC-SKILLS
oscal-validator
Validate OSCAL documents for structural integrity, schema compliance, and OSCAL-specific requirements. Use this skill to check if OSCAL documents are properly formatted and meet NIST OSCAL specifications before processing.
euCann/OSCAL-GRC-SKILLS
control-implementation-generator
Generate detailed control implementation guidance, technical steps, and implementation plans for OSCAL security controls. Use this skill to create implementation narratives, technical procedures, and deployment plans.
euCann/OSCAL-GRC-SKILLS
oscal-visualizer
Create visual diagrams and representations of OSCAL documents including control hierarchies, component relationships, implementation flows, and SSP overviews. Inspired by oscal-diagrams and community visualization tools.
euCann/OSCAL-GRC-SKILLS
controls-extractor
Extract and analyze security controls from OSCAL catalogs, profiles, and SSPs. Use this skill to get detailed information about control hierarchies, statements, parameters, and implementation status for compliance analysis.
euCann/OSCAL-GRC-SKILLS
workflow-orchestrator
Orchestrate complex multi-step OSCAL compliance workflows by combining multiple skills. Use this skill for end-to-end compliance automation like FedRAMP package reviews, continuous monitoring, and gap assessments.
Didn't find tool you were looking for?