Loading...
Loading...
Found 821 Skills
Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap sequencing (SOC 2, ISO 27001, HIPAA, GDPR), security architecture strategy, incident response leadership, vendor security assessment, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, preparing for audits, or when user mentions CISO, security strategy, compliance, zero trust, board security, risk assessment, incident response, SOC 2, ISO 27001, HIPAA, GDPR, penetration testing, or vulnerability management.
Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.
Security and privacy specialist for differential privacy, encryption, and complianceUse when "privacy, encryption, differential privacy, PII, GDPR, CCPA, access control, audit trail, data retention, privacy, security, encryption, differential-privacy, gdpr, ccpa, pii, opendp, ml-memory" mentioned.
Amazon Bedrock AgentCore Policy for defining agent boundaries using natural language and Cedar. Deterministic policy enforcement at the Gateway level. Use when setting agent guardrails, access control, tool permissions, or compliance rules.
Expert knowledge of research grant compliance requirements, deliverables tracking, and funder expectations. Use when reviewing work against grant specifications, preparing progress reports, or ensuring alignment with funding requirements from NSF, NIH, EU, and other agencies.
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
Comprehensive paid advertising audit and optimization for any business type. Performs full multi-platform audits (Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, Microsoft Ads), single-platform deep analysis, conversion tracking health checks, creative quality assessment, budget allocation optimization, bidding strategy evaluation, and compliance verification. Industry detection for SaaS, e-commerce, local service, B2B enterprise, info products, mobile app, real estate, healthcare, finance, and agency. Triggers on: "ads", "PPC", "paid advertising", "Google Ads", "Meta Ads", "Facebook Ads", "LinkedIn Ads", "TikTok Ads", "Microsoft Ads", "Bing Ads", "ad audit", "campaign audit", "ROAS", "conversion tracking", "creative fatigue", "bid strategy".
Reviews and grades an agent skill directory (SKILL.md plus supporting resources) for specification compliance, clarity, token efficiency, safety, robustness, and portability. Use when a user wants a rubric-based critique with a weighted score/grade and concrete, minimal patch suggestions.
Create security architecture diagrams using PlantUML syntax with identity, encryption, firewall, and compliance stencil icons. Best for IAM flows, zero-trust architectures, encryption pipelines, compliance auditing, and threat detection. NOT for general cloud infra (use cloud skill) or simple flowcharts (use mermaid).
Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities by correlating components against the NVD CVE database via the NVD 2.0 API. Builds dependency graphs, calculates risk scores, identifies transitive vulnerability paths, and generates compliance reports. Activates for requests involving SBOM analysis, software composition analysis, supply chain security assessment, dependency vulnerability scanning, CycloneDX/SPDX parsing, or CVE correlation.