aaaaqwq/afrexai-compliance-audit
skills/afrexai-compliance-audit/SKILL.md
Run internal compliance audits against major governance and security frameworks, highlighting gaps, risks, and remediation priorities.
$ install --global
skillsauthnpx skillsauth add aaaaqwq/agi-super-team afrexai-compliance-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 4:18 PM56.4s3 files scanned
SKILL.md
- name:
- afrexai-compliance-audit
- description:
- Run internal compliance audits against major governance and security
Compliance Audit Generator
Run internal compliance audits against major frameworks without hiring a consultant.
What It Does
Generates a structured compliance audit for your organization against any of these frameworks:
- SOC 2 (Type I & II) — Trust Services Criteria
- ISO 27001 — Information Security Management
- GDPR — Data Protection (EU/UK)
- HIPAA — Healthcare Data (US)
- PCI DSS — Payment Card Security
- SOX — Financial Controls (US public companies)
- CCPA/CPRA — California Consumer Privacy
How to Use
Tell the agent which framework you need audited. Provide context about your organization:
- Industry and size
- Current security controls
- Data types you handle
- Existing certifications
- Known gaps or concerns
Example Prompts
- "Run a SOC 2 readiness audit for our 40-person SaaS company"
- "Check our GDPR compliance — we process EU customer data and use AWS"
- "Generate an ISO 27001 gap analysis for our fintech startup"
- "Audit our HIPAA controls — we're a healthtech handling PHI"
Output Format
The agent produces:
1. Executive Summary
- Overall readiness score (0-100%)
- Critical gaps count
- Estimated remediation timeline
2. Control-by-Control Assessment
For each control domain:
- Status: Compliant / Partial / Non-Compliant / Not Assessed
- Evidence Required: What auditors will ask for
- Current Gap: What's missing
- Remediation Steps: Specific actions to close the gap
- Priority: Critical / High / Medium / Low
- Effort: Hours/days estimate
3. Remediation Roadmap
- Phase 1 (0-30 days): Critical fixes
- Phase 2 (30-90 days): High priority items
- Phase 3 (90-180 days): Full compliance
4. Evidence Checklist
- Document inventory needed for audit
- Policy templates to create
- Technical configurations to verify
Agent Instructions
When the user requests a compliance audit:
- Ask which framework(s) they need assessed
- Gather context about their organization (industry, size, tech stack, data types)
- Generate the full audit report following the output format above
- For each control area, be specific — don't give generic advice. Reference the actual control numbers (e.g., SOC 2 CC6.1, ISO 27001 A.8.2)
- Prioritize findings by business risk, not alphabetical order
- Include cost estimates where possible (e.g., "penetration test: $5,000-$15,000")
- Flag any controls that require third-party tools or services
Be direct. No filler. Every finding should have a clear "do this" action attached.
Related Skills
aaaaqwq/code-exemplars-blueprint-generator
development
VerifiedTrustedCommunity
Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming languages (.NET, Java, JavaScript, TypeScript, React, Angular, Python) with configurable analysis depth, categorization methods, and documentation formats to establish coding standards and maintain consistency across development teams.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/chrome-devtools
tools
VerifiedTrustedCommunity
Expert-level browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use for interacting with web pages, capturing screenshots, analyzing network traffic, and profiling performance.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/breakdown-feature-implementation
data-ai
VerifiedTrustedCommunity
Prompt for creating detailed feature implementation plans, following Epoch monorepo structure.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/boost-prompt
tools
VerifiedTrustedCommunity
Interactive prompt refinement workflow: interrogates scope, deliverables, constraints; copies final markdown to clipboard; never writes code. Requires the Joyride extension.
37SKILL.mdUpdated Apr 11, 2026