SOC 2 Type II Bundle | Prompeteer.ai

Trust-service-criteria mapping, control descriptions, evidence-room organization, and audit-firm-prep skills for SOC 2 readiness.

Included Skills (50)

  1. Security Incident Responder — This skill classifies, triages, and manages declared security incidents, determining severity, escalation paths, and initiating forensic evidence collection for security teams.
  2. Compliance OS — Meta-orchestrator that lets compliance teams CONFIGURE which frameworks apply, COMPUTE cross-framework control overlap, SIMULATE internal audits, and CONSOLIDATE evidence across multiple frameworks. Four decisions: (1) Given a company profile, which of the 12 supported frameworks apply (ISO 27001/13485/42001/14971, EU AI Act, MDR 745, GDPR, SOC 2, FDA QSR, NIST CSF 2.0, NIS2, HIPAA)? (2) Across selected frameworks, which controls overlap and how much evidence can be reused? (3) For a given framework + scope, what does a realistic mock audit produce, drawing from the 205-scenario library? (4) Across selected frameworks, what's the unified evidence checklist with reuse map? Use when standing up a multi-framework program, planning the annual audit calendar, or preparing for certification stage 1. Does NOT replace per-framework skills (it orchestrates them).
  3. ISMS Audit Assistant — This skill helps security professionals conduct ISO 27001 ISMS audits, assess controls, and prepare for certification.
  4. AI Security Assessor — Assess AI/ML systems for vulnerabilities like prompt injection, model inversion, and data poisoning, aiding security engineers and AI developers.
  5. Robotics Security Hardening — This skill hardens robotic systems by implementing security best practices for ROS2, DDS, network segmentation, and secrets management.
  6. Subdomain Discovery Tool — Subfinder discovers subdomains for a target domain using passive enumeration, aiding security professionals and developers in attack surface mapping.
  7. Feature Flag Architect — This skill helps software teams manage feature flags throughout their lifecycle, from creation and rollout to auditing and removal.
  8. Feature Flag Architect — This skill helps software teams manage feature flags throughout their lifecycle, from creation and rollout to auditing and eventual removal.
  9. CLAUDE.md Optimizer — This skill audits and improves CLAUDE.md files within a repository, ensuring optimal project context for Claude Code assistants.
  10. Actions Security Auditor — This skill audits GitHub Actions workflows for security vulnerabilities in AI agent integrations, assisting developers in securing their CI/CD pipelines.
  11. SOC2 Compliance Assistant — Helps SaaS companies achieve SOC 2 Type II compliance by implementing controls and preparing for audits to meet enterprise requirements.
  12. CLAUDE.md Optimizer — This skill audits and improves CLAUDE.md files within a repository, ensuring optimal project context for Claude Code and aiding developers.
  13. Agentic Action Auditor — This skill audits GitHub Actions workflows for security vulnerabilities in AI agent integrations, helping developers secure their CI/CD pipelines.
  14. Answer Engine Optimization (AEO) — Optimizes content to be cited by AI language models (ChatGPT, Perplexity, Claude, Gemini, Mistral) as authoritative sources. Distinct from SEO: AEO optimizes for citation in LLM-generated responses, not search rankings. Use when planning content for AI-first search audiences, auditing existing content for E-E-A-T signals, tracking which pages get cited by which LLMs, or building a citation-friendly content strategy. Triggers: 'AEO audit', 'optimize for ChatGPT', 'get cited by Perplexity', 'LLM citation strategy', 'answer engine optimization', 'content for AI search', 'E-E-A-T audit'. Output is a markdown audit report (default) or JSON for pipeline integration. Stdlib-only Python tools.
  15. Programmatic SEO — When the user wants to create SEO-driven pages at scale using templates and data. Also use when the user mentions "programmatic SEO," "template pages," "pages at scale," "directory pages," "location pages," "[keyword] + [city] pages," "comparison pages," "integration pages," or "building many pages for SEO." For auditing existing SEO issues, see seo-audit.
  16. Schema Markup — When the user wants to implement, audit, or validate structured data (schema markup) on their website. Use when the user mentions 'structured data,' 'schema.org,' 'JSON-LD,' 'rich results,' 'rich snippets,' 'schema markup,' 'FAQ schema,' 'Product schema,' 'HowTo schema,' or 'structured data errors in Search Console.' Also use when someone asks why their content isn't showing rich results or wants to improve AI search visibility. NOT for general SEO audits (use seo-audit) or technical SEO crawl issues (use site-architecture).
  17. Site Architecture — When the user wants to audit, redesign, or plan their website's structure, URL hierarchy, navigation design, or internal linking strategy. Use when the user mentions 'site architecture,' 'URL structure,' 'internal links,' 'site navigation,' 'breadcrumbs,' 'topic clusters,' 'hub pages,' 'orphan pages,' 'silo structure,' 'information architecture,' or 'website reorganization.' Also use when someone has SEO problems and the root cause is structural (not content or schema). NOT for content strategy decisions about what to write (use content-strategy) or for schema markup (use schema-markup).
  18. Senior SecOps — Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding patterns, and automates compliance checks against SOC2, PCI-DSS, HIPAA, and GDPR. Use when conducting a security review or audit, responding to a CVE or security incident, hardening infrastructure, implementing authentication or secrets management, running penetration test prep, checking OWASP Top 10 exposure, or enforcing security controls in CI/CD pipelines.
  19. Secrets Hygiene Auditor — Audits codebases for leaked secrets and insecure environment variable practices, helping developers and security teams improve application security.
  20. Sensitive Data Masking — This skill helps developers and data scientists mask sensitive data in databases, logs, and APIs for enhanced privacy and security.
  21. Observable Agent Builder — AgentScope helps developers build transparent and debuggable AI agents with full execution tracing and decision logging capabilities.
  22. API Security Implementer — Guides developers in implementing secure API design patterns and protecting against common API vulnerabilities.
  23. Xquik Twitter — Use when the user needs X (Twitter) data through Xquik: tweet search, user lookup, follower export, media download, monitoring, webhooks, MCP, SDK setup, or confirmation-gated publishing workflows. Read-only by default, API-key only, no X login material, and every write, private read, monitor, webhook, or metered bulk job requires explicit approval.
  24. AI Pentesting Agent — This skill autonomously performs web application penetration tests using AI and security tools, assisting security engineers and DevOps teams.
  25. Checkov Security Scanner — This skill provides expert guidance for using Checkov to scan infrastructure-as-code for security misconfigurations and compliance violations, aiding developers.
  26. Observable Agent Builder — AgentScope helps developers build transparent AI agents with full execution tracing and debugging for production environments.
  27. Cloud Security Assessor — Assess cloud infrastructure for security misconfigurations, IAM privilege escalation, and public exposure across AWS, Azure, and GCP environments.
  28. CCPA Compliance Assistant — Helps businesses comply with CCPA/CPRA by implementing data privacy features and responding to consumer data requests.
  29. Nuclei Vulnerability Scanner — Scan web applications for vulnerabilities using Nuclei, a template-based scanner, assisting developers and security engineers with security assessments.
  30. Calendar Event Manager — Enables AI agents to manage schedules and events via Google and Outlook calendars, assisting users with scheduling and availability.
  31. Falco Security Advisor — Provides expert guidance for setting up Falco to detect anomalous container and Kubernetes behavior, aiding developers in real-time threat detection.
  32. XSS Vulnerability Scanner — Detects, exploits, and prevents Cross-Site Scripting (XSS) vulnerabilities in web applications, aiding security professionals and developers.
  33. API Vulnerability Finder — This skill helps security researchers and bug bounty hunters identify API vulnerabilities through comprehensive fuzzing and exploitation techniques.
  34. AWS Penetration Techniques — This skill aids red teams and security professionals in penetration testing AWS environments, uncovering vulnerabilities and potential exploits within the cloud infrastructure.
  35. ARM Cortex Firmware — Assists embedded software engineers with firmware and driver development for ARM Cortex-M microcontrollers, offering expert-level guidance.
  36. ARM Cortex Firmware — This skill assists embedded engineers with firmware and driver development for ARM Cortex-M microcontrollers, offering expert-level guidance.
  37. Security Audit Agent — This skill performs comprehensive security audits, threat modeling, and hardening for software and infrastructure projects, aiding security professionals.
  38. Active Directory Exploitation — Provides techniques for attacking Active Directory environments, aiding red teams and penetration testers in security assessments.
  39. Security Audit Agent — This skill conducts security audits, threat modeling, and provides hardening recommendations for software and infrastructure projects, aiding security professionals.
  40. Cosmos DB Builder — This skill helps developers build production-grade Azure Cosmos DB NoSQL services with clean code and security best practices.
  41. Active Directory Exploitation — Provides techniques for attacking Active Directory, assisting red teams and penetration testers in security assessments.
  42. Observable AI Agents — AgentScope builds transparent, observable AI agents with full execution tracing and debugging, assisting developers in creating trustworthy production agents.
  43. AWS Penetration Techniques — This skill aids red teams and security professionals in penetration testing AWS environments, uncovering vulnerabilities and potential exploits within the cloud infrastructure.
  44. Stack Evaluation Tool — Evaluates and compares technology stacks, providing data-driven recommendations for engineering teams with TCO and security analysis.
  45. GCP Security Hardening — This skill helps DevOps engineers and security architects apply Google Cloud's Well-Architected Framework for security hardening and compliance evaluations.
  46. Firestore Database Manager — Facilitates real-time application development using Google Cloud Firestore, enabling data modeling, querying, and security rule configuration.
  47. AI Pentesting Agent — Automate security testing with PentAGI, an AI-powered penetration testing agent that helps users deploy autonomous vulnerability scanners and self-hosted security platforms.
  48. Shodan Device Discovery — This skill leverages the Shodan API to help security researchers and network administrators discover internet-connected devices and exposed services.
  49. Stack Evaluation Tool — Evaluates technology stacks, providing TCO analysis, security assessments, and intelligent recommendations for engineering teams choosing technologies.
  50. Secrets Vault Management — This skill helps DevOps and security engineers manage secret infrastructure, including Vault, cloud secret stores, and secret rotation.