Found 99 Skills
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
Audit, implement, and remediate Digital Personal Data Protection Act 2023 (DPDPA) compliance in any application codebase. Use this skill whenever the user mentions DPDPA, Indian data protection, personal data handling for Indian users, consent management, data breach notification, children's data protection in India, cross-border data transfer from India, privacy policy for Indian apps, Data Fiduciary obligations, Data Principal rights, or compliance auditing for Indian privacy law. Also trigger when the user asks to "audit my app for privacy", "check data protection compliance", "implement consent flows", "add breach notification", "handle children's data", "add data deletion/erasure", "implement right to access", "GDPR equivalent in India", or any task involving personal data processing for users in India. This skill covers code-level implementation, architecture review, compliance auditing with remediation, and organizational/process guidelines that fall outside application code.
Application security covering threat modeling (STRIDE), OWASP Top 10 (2025), OWASP API Security Top 10 (2023), secure coding review, authentication/authorization patterns, input validation, encryption, security headers, supply chain security, compliance (GDPR/HIPAA/SOC2/PCI-DSS), and security monitoring. Use when reviewing code for vulnerabilities, implementing auth patterns, securing APIs, configuring security headers, hardening supply chain, preventing injection attacks, or preparing for compliance audits.
Use when building email features, emails going to spam, high bounce rates, setting up SPF/DKIM/DMARC authentication, implementing email capture, ensuring compliance (CAN-SPAM, GDPR, CASL), handling webhooks, retry logic, or deciding transactional vs marketing.
Set up Sveltia CMS - lightweight Git-backed CMS successor to Decap/Netlify CMS (300KB bundle, 270+ fixes). Framework-agnostic for Hugo, Jekyll, 11ty, Astro. Prevents 10 documented errors. Use when adding CMS to static sites, migrating from Decap CMS, or fixing OAuth, YAML parse, datetime timezone, GDPR font loading, or CORS/COOP errors.
Track compliance requirements and audit readiness. Trigger with "compliance", "audit prep", "SOC 2", "ISO 27001", "GDPR", "regulatory requirement", or when the user needs help tracking, preparing for, or documenting compliance activities.
Provides legal guidance for contracts, compliance, intellectual property, data privacy, and regulatory matters. Use when reviewing contracts, ensuring compliance, protecting IP, or navigating technology law. Triggers include "contract review", "terms of service", "GDPR", "privacy policy", "intellectual property", "licensing", "compliance".
Expert in compliance reports. Use for SOX, GDPR, HIPAA, and SOC 2 audits and compliance documentation.
SMS marketing strategy — opt-in collection, compliance (TCPA/GDPR), campaign types, automation triggers, segmentation, timing, two-way messaging, MMS, and analytics. Covers strategy and implementation across Omnisend, Klaviyo, Attentive, Postscript, Brevo, ActiveCampaign, Mailchimp, and more. Use when planning SMS campaigns, collecting SMS opt-ins, designing SMS automations, choosing an SMS platform, or ensuring SMS compliance. Do NOT use for email marketing (use /sales-email-marketing), push notifications (use /sales-push-notification), cold outbound sequences (use /sales-cadence), or platform-specific config (use /sales-omnisend, /sales-klaviyo, /sales-brevo, etc.). For Omnisend-specific help, use /sales-omnisend. For Klaviyo-specific help, use /sales-klaviyo.
Legal and compliance expertise for corporate governance, contract analysis, regulatory compliance (SOX, GDPR, HIPAA), risk assessment, intellectual property, and litigation management. Use when reviewing contracts, ensuring compliance, or managing legal risk.
Guides privacy research engineering for safeguards—PII and sensitive-data detection research, redaction and de-identification evals, memorization and extraction risk studies, privacy benchmarks and labeled corpora, logging/retention minimization for safety pipelines, and research memos on privacy–utility trade-offs for guardrail systems. Use when measuring PII detector quality, designing privacy eval suites for moderation stacks, studying training-data leakage or prompt logging risk, or recommending privacy mitigations for safeguard models—not for SOC 2/GDPR evidence automation (compliance-engineer), legal DPIA or AI policy (ai-risk-governance), harm/toxicity classifier R&D (ml-research-engineer-safeguards), production inference gateways (ml-infrastructure-engineer-safeguards), or general non-privacy research (ai-researcher).
Security & compliance skill suite providing OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response workflows for AI coding agents