Compliance Audit

Audit technical controls against compliance framework requirements

16 stars

Best use case

Compliance Audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using Compliance Audit should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/compliance-audit/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/compliance-audit/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub and review its contents before installing it: the file is a set of instructions the agent will follow once it is discovered
  2. Place it in .claude/skills/compliance-audit/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How Compliance Audit Compares

Feature / Agent          | Compliance Audit | Standard Approach
Platform Support         | Not specified    | Limited / Varies
Context Awareness        | High             | Baseline
Installation Complexity  | Unknown          | N/A

Frequently Asked Questions

What does this skill do?

Audit technical controls against compliance framework requirements

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Compliance Audit Skill

Audit technical controls against compliance framework requirements.

## Trigger Conditions
- Control mapping changes or evidence staleness >30 days
- Quarterly compliance review cycle
- User invokes with "compliance audit" or "control assessment"

## Input Contract
- **Required:** Framework(s) to audit against (SOC 2, GDPR, FedRAMP, etc.)
- **Required:** Control mapping matrix
- **Optional:** Prior audit results, remediation status

## Output Contract
- Control status report (compliant, gap, partial)
- Evidence inventory with freshness scores
- POA&M (Plan of Action and Milestones) for open findings
- Compliance posture score

## Tool Permissions
- **Read:** All configs, logs, access policies, encryption settings
- **Write:** Audit reports, evidence documentation
- **Search:** Control implementation evidence

## Execution Steps
1. Load control mapping matrix for target framework
2. For each control, search for implementation evidence
3. Verify evidence is current (not stale)
4. Classify each control: compliant, partial, gap
5. For gaps, create POA&M entries with owners and deadlines
6. Calculate overall compliance posture score
7. Generate audit report

## Success Criteria
- Every control classified with evidence reference
- No evidence older than 30 days for continuous controls
- POA&M entries have assigned owners and deadlines
- Compliance score calculated

## Escalation Rules
- Escalate if critical control gaps are found
- Escalate if evidence cannot be generated automatically
- Escalate if compliance score drops below threshold

## Example Invocations

**Input:** "Audit SOC 2 Type II controls for the payment service"

**Output:** 47 controls assessed. 39 compliant, 5 partial (access reviews overdue, MFA not enforced for service accounts, log retention below 1yr for 2 services, encryption key rotation not automated, backup restore not tested). 3 gaps (no formal change management for DB, missing vendor risk assessment, incident response not tested). POA&M created with 30/60/90 day deadlines.
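The execution steps, success criteria and escalation rules above describe a small, deterministic procedure: check evidence age against the 30-day rule, classify each control, open POA&M entries with owners and deadlines, compute a posture score and decide whether to escalate. The following Python is an added worked example of that procedure over a constructed control mapping; it is not part of the skill's SKILL.md or of the awesome-omni-skill repository. Everything the skill leaves open is an assumption here and labelled as such in the code: the 0.85 escalation threshold, the severity-to-deadline mapping behind the "30/60/90 day" POA&M, the linear freshness decay, and the equal-weight scoring formula. The control IDs, owners and evidence paths are constructed sample data, not real audit results.

```python
"""Added worked example: evidence freshness, control classification, POA&M and
posture score following the Compliance Audit skill's execution steps.
Not the skill's own code; thresholds and mappings below are assumptions."""
from dataclasses import dataclass, field
from datetime import date, timedelta

FRESHNESS_DAYS = 30            # skill rule: continuous-control evidence older than 30 days is stale
POSTURE_THRESHOLD = 0.85       # assumed escalation threshold; the skill does not fix a number
POAM_DEADLINE_DAYS = {         # assumed severity -> deadline mapping behind the 30/60/90 day POA&M
    "critical": 30, "high": 60, "medium": 90, "low": 90,
}


@dataclass
class Evidence:
    ref: str                   # where the artefact lives (ticket, export, config path)
    collected: date            # when it was last produced
    continuous: bool = True    # continuous controls need fresh evidence; point-in-time ones do not


@dataclass
class Control:
    id: str
    title: str
    severity: str              # critical / high / medium / low, taken from the control mapping matrix
    owner: str
    required_evidence: int     # number of artefacts the mapping matrix expects for this control
    evidence: list = field(default_factory=list)


def evidence_age(ev, today):
    return (today - ev.collected).days


def freshness_score(ev, today):
    """Assumed scoring: 1.0 for evidence collected today, decaying linearly to 0.0 at FRESHNESS_DAYS."""
    return max(0.0, 1.0 - evidence_age(ev, today) / FRESHNESS_DAYS)


def is_valid(ev, today):
    """Stale evidence only disqualifies continuous controls (skill success criterion)."""
    return not ev.continuous or evidence_age(ev, today) <= FRESHNESS_DAYS


def classify(control, today):
    """Step 4: compliant when enough current evidence exists, gap when there is none, partial otherwise."""
    if not control.evidence:
        return "gap"
    valid = sum(1 for ev in control.evidence if is_valid(ev, today))
    return "compliant" if valid >= control.required_evidence else "partial"


def posture_score(statuses):
    """Step 6 (assumed weights): compliant counts 1, partial 0.5, gap 0, averaged over all controls."""
    weights = {"compliant": 1.0, "partial": 0.5, "gap": 0.0}
    return sum(weights[s] for s in statuses) / len(statuses) if statuses else 0.0


def audit(controls, today):
    """Steps 2-7 over an already-loaded control mapping; returns the audit report as a dict."""
    statuses, inventory, poam, escalations = {}, [], [], []
    for c in controls:
        statuses[c.id] = classify(c, today)
        for ev in c.evidence:                      # evidence inventory with freshness scores
            inventory.append({"control": c.id, "ref": ev.ref,
                              "age_days": evidence_age(ev, today),
                              "freshness": round(freshness_score(ev, today), 2)})
        if statuses[c.id] != "compliant":          # step 5: POA&M entry with owner and deadline
            poam.append({"control": c.id, "finding": f"{c.title}: {statuses[c.id]}",
                         "owner": c.owner,
                         "deadline": today + timedelta(days=POAM_DEADLINE_DAYS[c.severity])})
        if statuses[c.id] == "gap" and c.severity == "critical":
            escalations.append(f"critical control gap: {c.id}")
    score = posture_score(list(statuses.values()))
    if score < POSTURE_THRESHOLD:
        escalations.append(f"posture score {score:.2f} below threshold {POSTURE_THRESHOLD}")
    counts = {s: sum(1 for v in statuses.values() if v == s) for s in ("compliant", "partial", "gap")}
    return {"statuses": statuses, "counts": counts, "evidence_inventory": inventory,
            "poam": poam, "score": score, "escalations": escalations}


# Constructed sample mapping matrix (not real audit data); a fixed date keeps the run reproducible.
TODAY = date(2025, 1, 31)
SAMPLE_CONTROLS = [
    Control("CC6.1", "MFA enforced for all accounts", "critical", "iam-team", 1,
            [Evidence("idp/mfa-policy-export.json", date(2025, 1, 20))]),
    Control("CC6.3", "Quarterly access reviews", "high", "iam-team", 1,
            [Evidence("reviews/q3-access-review.csv", date(2024, 10, 15))]),       # 108 days old: stale
    Control("CC7.2", "Log retention >= 1 year", "medium", "platform-team", 2,
            [Evidence("logging/cloudtrail-retention.tf", date(2025, 1, 25))]),    # only 1 of 2 artefacts
    Control("CC8.1", "Formal change management for databases", "critical", "dba-team", 1, []),
    Control("CC6.7", "Encryption key rotation", "high", "platform-team", 1,
            [Evidence("kms/rotation-attestation.pdf", date(2024, 12, 1), continuous=False)]),
]

if __name__ == "__main__":
    report = audit(SAMPLE_CONTROLS, TODAY)
    print(report["counts"], f"score={report['score']:.2f}")
    for entry in report["poam"]:
        print(entry)
    for reason in report["escalations"]:
        print("ESCALATE:", reason)
```

On the sample data this yields 2 compliant, 2 partial and 1 gap, a posture score of 0.60, three POA&M entries (the critical gap due in 30 days, the high-severity partial in 60, the medium in 90) and two escalations: the critical gap on CC8.1 and the score falling below the assumed threshold. CC6.7 stays compliant despite 61-day-old evidence because it is marked point-in-time rather than continuous, which is the distinction the skill's success criteria draw.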

Related Skills

ln-634-test-coverage-auditor

16
from diegosouzapw/awesome-omni-skill

Coverage Gaps audit worker (L3). Identifies missing tests for critical paths (Money 20+, Security 20+, Data Integrity 15+, Core Flows 15+). Returns list of untested critical business logic with priority justification.

legal-compliance-agent

16
from diegosouzapw/awesome-omni-skill

Generate legally compliant privacy policies, terms of service, HIPAA documentation, and compliance pages for healthcare SaaS platforms. Ensures Google Play/App Store approval and GDPR/HIPAA compliance.

laravel-security-audit

16
from diegosouzapw/awesome-omni-skill

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

kube-audit-kit

16
from diegosouzapw/awesome-omni-skill

Performs read-only Kubernetes security audits by exporting resources, sanitizing metadata, grouping applications by topology, and generating PSS/NSA-compliant audit reports. Use when the user requests auditing Kubernetes clusters, Namespaces, security reviews, or configuration analysis.

jules-audit-request

16
from diegosouzapw/awesome-omni-skill

Protocol for escalation to Jules when stuck.

industry-compliance

16
from diegosouzapw/awesome-omni-skill

Use this skill when you need industry-specific regulatory compliance for Banking & Finance (FFIEC, FINRA, Basel III, PSD2, DORA), Healthcare & Life Sciences (FDA 21 CFR Part 11, HITRUST CSF, HL7 FHIR security, GxP), Hi-Tech & Semiconductors (ITAR, EAR, CMMC), or Retail/Consumer (PCI-DSS, CPRA). Trigger for sector-specific compliance programs, regulated industry deployments, or when standard frameworks alone are insufficient.

hypeauditor-automation

16
from diegosouzapw/awesome-omni-skill

Automate Hypeauditor tasks via Rube MCP (Composio). Always search tools first for current schemas.

hlab-auditor

16
from diegosouzapw/awesome-omni-skill

No description provided.

gtse-ecommerce-seo-audit

16
from diegosouzapw/awesome-omni-skill

Comprehensive BigCommerce SEO audit for product pages, collection pages, technical SEO, and B2B considerations. Use when GTSE needs SEO audits for their cable ties, safety equipment, and industrial supplies categories. Adapted for B2B ecommerce with trade customer focus.

grc-compliance

16
from diegosouzapw/awesome-omni-skill

This skill should be used when the user asks to "GRC", "governance", "risk", "compliance", "audit", "policy", "control", "risk assessment", "SOX", "GDPR", or any ServiceNow GRC development.

gdpr-auditor

16
from diegosouzapw/awesome-omni-skill

This skill should be used when analyzing codebases, applications, databases, or systems for GDPR (General Data Protection Regulation) compliance. Use this skill when users need to audit data protection practices, identify potential compliance issues, assess data handling procedures, review privacy policies, or ensure adherence to EU data protection requirements.

five-s-auditor

16
from diegosouzapw/awesome-omni-skill

5S workplace organization audit skill with scoring, photo documentation, and sustainability tracking.