Compliance & Audit Bundle | Prompeteer.ai

Audit-readiness checklists, control-narrative drafting, evidence-collection templates, and walkthrough-prep skills.

Included Skills (55)

  1. Compliance Os — Compliance OS — meta-orchestrator that lets compliance teams CONFIGURE which frameworks apply, COMPUTE cross-framework control overlap, SIMULATE internal audits, and CONSOLIDATE evidence across multiple frameworks. Four decisions: (1) Given a company profile, which of the 12 supported frameworks apply (ISO 27001/13485/42001/14971, EU AI Act, MDR 745, GDPR, SOC 2, FDA QSR, NIST CSF 2.0, NIS2, HIPAA)? (2) Across selected frameworks, which controls overlap and how much evidence reuses? (3) For a given framework + scope, what does a realistic mock audit produce — drawing from the 205-scenario library? (4) Across selected frameworks, what's the unified evidence checklist with reuse map? Use when standing up a multi-framework program, planning the annual audit calendar, or preparing for certification stage 1. Does NOT replace per-framework skills (it orchestrates them).
  2. ISMS Audit Assistant — This skill helps security professionals conduct ISO 27001 ISMS audits, assess controls, and prepare for certification.
  3. Senior Secops — Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.
  4. CLAUDE.md Optimizer — This skill audits and improves CLAUDE.md files within a repository, ensuring optimal project context for Claude Code assistants.
  5. Security Incident Responder — This skill classifies, triages, and manages declared security incidents, determining severity, escalation paths, and initiating forensic evidence collection for security teams.
  6. Subdomain Discovery Tool — Subfinder discovers subdomains for a target domain using passive enumeration, aiding security professionals and developers in attack surface mapping.
  7. CLAUDE.md Optimizer — This skill audits and improves CLAUDE.md files within a repository, ensuring optimal project context for Claude Code and aiding developers.
  8. Feature Flag Architect — This skill helps software teams manage feature flags throughout their lifecycle, from creation and rollout to auditing and removal.
  9. Feature Flag Architect — This skill helps software teams manage feature flags throughout their lifecycle, from creation and rollout to auditing and eventual removal.
  10. Answer Engine Optimization (AEO) — Answer Engine Optimization (AEO) skill — optimize content to be cited by AI language models (ChatGPT, Perplexity, Claude, Gemini, Mistral) as authoritative sources. Distinct from SEO — AEO optimizes for citation in LLM-generated responses, not search rankings. Use when planning content for AI-first search audiences, auditing existing content for E-E-A-T signals, tracking which pages get cited by which LLMs, or building a citation-friendly content strategy. Triggers — 'AEO audit', 'optimize for ChatGPT', 'get cited by Perplexity', 'LLM citation strategy', 'answer engine optimization', 'content for AI search', 'E-E-A-T audit'. Output is a markdown audit report (default) or JSON for pipeline integration. Stdlib-only Python tools.
  11. Programmatic Seo — When the user wants to create SEO-driven pages at scale using templates and data. Also use when the user mentions "programmatic SEO," "template pages," "pages at scale," "directory pages," "location pages," "[keyword] + [city] pages," "comparison pages," "integration pages," or "building many pages for SEO." For auditing existing SEO issues, see seo-audit.
  12. Schema Markup — When the user wants to implement, audit, or validate structured data (schema markup) on their website. Use when the user mentions 'structured data,' 'schema.org,' 'JSON-LD,' 'rich results,' 'rich snippets,' 'schema markup,' 'FAQ schema,' 'Product schema,' 'HowTo schema,' or 'structured data errors in Search Console.' Also use when someone asks why their content isn't showing rich results or wants to improve AI search visibility. NOT for general SEO audits (use seo-audit) or technical SEO crawl issues (use site-architecture).
  13. Site Architecture — When the user wants to audit, redesign, or plan their website's structure, URL hierarchy, navigation design, or internal linking strategy. Use when the user mentions 'site architecture,' 'URL structure,' 'internal links,' 'site navigation,' 'breadcrumbs,' 'topic clusters,' 'hub pages,' 'orphan pages,' 'silo structure,' 'information architecture,' or 'website reorganization.' Also use when someone has SEO problems and the root cause is structural (not content or schema). NOT for content strategy decisions about what to write (use content-strategy) or for schema markup (use schema-markup).
  14. AI Security Assessor — Assess AI/ML systems for vulnerabilities like prompt injection, model inversion, and data poisoning, aiding security engineers and AI developers.
  15. Robotics Security Hardening — This skill hardens robotic systems by implementing security best practices for ROS2, DDS, network segmentation, and secrets management.
  16. SOC2 Compliance Assistant — Helps SaaS companies achieve SOC 2 Type II compliance by implementing controls and preparing for audits to meet enterprise requirements.
  17. HIPAA Compliance Implementation — This skill helps developers implement HIPAA compliance in healthcare applications, covering PHI handling, encryption, audit logging, and access controls.
  18. Gdpr Dsgvo Expert — GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests with Art. 12(3) one-month deadlines. Use when running GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, or data subject rights (DSAR) management (e.g., 'check this service for GDPR risks', 'track an access request deadline'). Final compliance determinations route to the DPO or legal counsel.
  19. Information Security Manager Iso27001 — ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use when designing an ISMS, running security risk assessments, implementing controls, pursuing ISO 27001 certification, preparing security audits, responding to security incidents, or verifying compliance. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
  20. Actions Security Auditor — This skill audits GitHub Actions workflows for security vulnerabilities in AI agent integrations, assisting developers in securing their CI/CD pipelines.
  21. Agentic Action Auditor — This skill audits GitHub Actions workflows for security vulnerabilities in AI agent integrations, helping developers secure their CI/CD pipelines.
  22. Accessibility Audit Tool — This skill scans, fixes, and verifies WCAG 2.2 Level A/AA compliance in web codebases, aiding developers and compliance teams.
  23. Secrets Hygiene Auditor — Audits codebases for leaked secrets and insecure environment variable practices, helping developers and security teams improve application security.
  24. Assumption Validation Engine — This skill audits assumptions, classifies them by type and impact, and rebuilds conclusions from verified premises, assisting users in critical decision-making.
  25. Mapping API Integration — Integrate mapping and geolocation APIs like Google Maps and Mapbox to build location-aware applications for developers.
  26. CCPA Compliance Assistant — Helps businesses comply with CCPA/CPRA by implementing data privacy features and responding to consumer data requests.
  27. Free Tool Strategy — When the user wants to build a free tool for marketing — lead generation, SEO value, or brand awareness. Use when they mention 'engineering as marketing,' 'free tool,' 'calculator,' 'generator,' 'checker,' 'grader,' 'marketing tool,' 'lead gen tool,' 'build something for traffic,' 'interactive tool,' or 'free resource.' Covers idea evaluation, tool design, and launch strategy. For pure SEO content strategy (no tool), use seo-audit or content-strategy instead.
  28. Quality Manager Qms Iso13485 — ISO 13485 Quality Management System implementation and maintenance for medical device organizations. Provides QMS design, documentation control, internal auditing, CAPA management, and certification support. Use when working with medical device quality systems, preparing for ISO 13485 audits, managing regulatory compliance documentation, setting up corrective actions, or building audit preparation programs. Useful for quality management, audit preparation, regulatory compliance, medical device documentation, and corrective action workflows.
  29. Amass Network Discovery — This skill leverages OWASP Amass to perform comprehensive network mapping and subdomain enumeration for security professionals and researchers.
  30. Security Audit Agent — This skill performs comprehensive security audits, threat modeling, and hardening for software and infrastructure projects, aiding security professionals.
  31. Security Audit Agent — This skill conducts security audits, threat modeling, and provides hardening recommendations for software and infrastructure projects, aiding security professionals.
  32. Mistral AI Interface — Provides access to Mistral AI's language models for code generation, multilingual tasks, and GDPR-compliant AI inference.
  33. PCI DSS Compliance — Achieve PCI DSS compliance by scoping, implementing controls, and selecting SAQ types for secure payment card data handling.
  34. Analytics Tracking Assistant — Assists users in setting up, improving, and auditing analytics tracking and measurement for actionable marketing and product insights.
  35. Amass Network Mapper — This skill uses OWASP Amass to perform in-depth DNS enumeration and network mapping for comprehensive attack surface discovery.
  36. Analytics Tracking Assistant — Assists users in setting up, improving, and auditing analytics tracking and measurement for actionable marketing and product insights.
  37. Operator Building Assistant — This skill helps developers build robust Kubernetes Operators by providing tools for CRD validation, reconcile-loop linting, and capability auditing.
  38. Partnerships Architect — Use when a startup is approached by a prospective partner and someone has to decide should we sign this partner, at what partner tier (referral / reseller / OEM / SI-consulting / strategic alliance), with what joint GTM commitment, and at what revshare. Classifies partner tier from independent-demand evidence vs. preferential-terms hunting, designs a 90-day joint GTM plan, models revshare against direct-sale margin, and surfaces kill criteria for unwinding under-performing partnerships. For Head of Partnerships, Head of BD, and Founder-CEOs doing reseller agreement, OEM deal, or strategic alliance review — not technical sale enablement, not channel cost economics, not M&A.
  39. API Design Reviewer — Comprehensive REST API design review with automated linting, breaking-change detection, and design scorecards. Catches inconsistent conventions, missing versioning, and design smells before APIs ship. Use when reviewing a PR that adds or changes API endpoints, auditing an existing API for v2 migration, or establishing API standards for a team.
  40. Changelog Generator — Produce consistent, auditable release notes from Conventional Commits. Separates commit parsing, semantic-bump logic, and changelog rendering for automated releases with editorial control. Use when cutting a release, generating CHANGELOG.md from git history, computing the next semantic version from commits, automating release notes in CI, or planning a hotfix/rollback. Examples: 'generate the changelog for v1.4.0', 'what version bump do these commits require', 'we need an emergency hotfix process'.
  41. Operator Building Assistant — This skill assists developers building Kubernetes Operators by providing tools for CRD validation, reconcile loop linting, and capability auditing.
  42. Senior Fullstack — Fullstack development toolkit with project scaffolding for Next.js, FastAPI, MERN, and Django stacks, code quality analysis with security and complexity scoring, and stack selection guidance. Use when the user asks to "scaffold a new project", "create a Next.js app", "set up FastAPI with React", "analyze code quality", "audit my codebase", "what stack should I use", "generate project boilerplate", or mentions fullstack development, project setup, or tech stack comparison.
  43. Analytics Tracking — Set up, audit, and debug analytics tracking implementation — GA4, Google Tag Manager, event taxonomy, conversion tracking, and data quality. Use when building a tracking plan from scratch, auditing existing analytics for gaps or errors, debugging missing events, or setting up GTM. Trigger keywords: GA4 setup, Google Tag Manager, GTM, event tracking, analytics implementation, conversion tracking, tracking plan, event taxonomy, custom dimensions, UTM tracking, analytics audit, missing events, tracking broken. NOT for analyzing marketing campaign data — use campaign-analytics for that. NOT for BI dashboards — use product-analytics for in-product event analysis.
  44. Social Media Manager — When the user wants to develop social media strategy, plan content calendars, manage community engagement, or grow their social presence across platforms. Also use when the user mentions 'social media strategy,' 'social calendar,' 'community management,' 'social media plan,' 'grow followers,' 'engagement rate,' 'social media audit,' or 'which platforms should I use.' For writing individual social posts, see social-content. For analyzing social performance data, see social-media-analyzer.
  45. UX Researcher Designer — UX research and design toolkit for Senior UX Designer/Researcher including data-driven persona generation, journey mapping, usability testing frameworks, and research synthesis. Use when conducting user research, creating personas, mapping user journeys, planning usability tests, or validating designs.
  46. Fda Consultant Specialist — FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QMSR (21 CFR 820, which incorporates ISO 13485:2016 by reference since 2026-02-02; formerly QSR) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QMSR, QSR, ISO 13485 for FDA, premarket, predicate device, substantial equivalence, HIPAA medical device, or FDA cybersecurity.
  47. Mdr 745 Specialist — EU MDR 2017/745 compliance specialist for medical device classification, technical documentation, clinical evidence, and post-market surveillance. Covers Annex VIII classification rules, Annex II/III technical files, Annex XIV clinical evaluation, Art. 86 PSUR schedules, and EUDAMED integration. Use when classifying a medical device under MDR, building or gap-checking a technical file, planning clinical evaluation or PMS/PSUR cadence, or preparing for notified body review (e.g., 'what class is my device under MDR', 'review my PSUR schedule').
  48. Qms Audit Expert — ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use when planning internal audits, executing audits, classifying findings, preparing for external audits, or managing an audit program.
  49. Collab Proof — Use when you want to understand what Claude contributed vs what you drove in a session. Triggers on: /collab-proof, session retrospective, ai contribution analysis, collaboration evidence, what did claude do.
  50. Confluence Expert — Atlassian Confluence expert for creating and managing spaces, knowledge bases, and documentation. Configures space permissions and hierarchies, creates page templates with macros, sets up documentation taxonomies, designs page layouts, and manages content governance. Use when users need to build or restructure a Confluence space, design page hierarchies with permission structures, author or standardise documentation templates, embed Jira reports in pages, run knowledge base audits, or establish documentation standards and collaborative workflows.
  51. Terraform IaC Assistant — This skill helps engineers design secure, well-structured Terraform infrastructure code by providing module design, security auditing, and CI/CD integration.
  52. Dossier — Decision-grade entity research skill — produces a hypothesis-tested dossier on a specific company, person, nonprofit, or government org, not a generic profile. Forcing intake makes the user state their hypothesis upfront (what they already believe and want to verify or disprove) so the dossier tests it rather than confirms it. Output is an editable Word document (.docx) with verdict on the hypothesis, identity facts, 12-month activity timeline, network and reputation signals, red flags, conversation hooks tied to specific findings, and source-provenance audit log. Uses WebSearch + WebFetch + free APIs (SEC EDGAR, GitHub, ProPublica) as workhorses; optional BYOK MCPs enhance coverage. Use when the user asks for background research, diligence, or meeting prep on a specific entity (e.g., 'prep me for a meeting with [person/company]', 'due diligence on [company]'). Honors sensitivity exclusions for journalism + personal-vetting contexts.
  53. SOC 2 Assistant — Assists SaaS companies preparing for SOC 2 audits by mapping criteria, building matrices, and assessing audit readiness.
  54. Social Media Analyzer — Social media campaign analysis and performance tracking. Calculates engagement rates, ROI, and benchmarks across platforms. Use when analyzing social media performance, calculating engagement rate, measuring campaign ROI, comparing platform metrics, or benchmarking against industry standards. Also use when the user mentions "social media audit," "engagement rate," or "which platform performs best."
  55. Tamper-Proof Audit Logs — Implement tamper-evident audit logs for compliance, helping developers build compliance audit trails and immutable event logs that meet regulatory retention requirements.