Compliance

This skill applies consistent corporate branding and styling to all generated documents including colors, fonts, layouts, and messaging

This skill provides comprehensive guidance for implementing PCI DSS (Payment Card Industry Data Security Standard) compliance. It covers the 12 core requirements, tokenization strategies using payment processors like Stripe, encryption for data at rest and in transit, access control patterns, and audit logging best practices for secure payment processing.

This skill helps create employment contracts, offer letters, employee handbooks, and HR policy documents following legal best practices. It includes GDPR-compliant data handling patterns, consent management, and data subject rights implementation guidance with ready-to-use templates.

This skill provides comprehensive security threat modeling capabilities using the STRIDE methodology. It helps security professionals build attack trees to visualize threat paths, map threats to security controls, extract security requirements from threat models, and configure SAST tools for automated vulnerability detection.

Guides blockchain auditors through verifying that smart contract code implements exactly what specification documents describe. Uses a 6-phase methodology with intermediate representations to systematically compare whitepapers and design docs against actual code implementation, identifying gaps, mismatches, and undocumented behavior.

A differential analysis skill for verifying that git commits properly address security audit findings. It helps map code changes to specific findings (like TOB-XXX format), detect potential bug introductions, and generate comprehensive fix review reports.

A constitution validation skill that creates project governance rules by exploring your codebase to discover actual patterns and conventions. It supports three rule levels (L1 critical, L2 blocking, L3 advisory) and generates compliance reports to enforce security, architecture, code quality, and testing standards.

This skill ensures code implementations match documented specifications (PRD, SDD, implementation plans). It checks interface contracts, data structures, business logic, and architecture decisions against requirements, then provides structured compliance reports with deviation classification (critical, notable, acceptable).

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security gates for apps handling PII/PHI/financial data.