complisec

ACTIVATE on ANY request that involves writing, generating, reviewing, modifying, or outputting source code in any programming language — Python, JavaScript, TypeScript, Go, Java, Rust, C#, SQL, Terraform, or any other. This includes functions, endpoints, scripts, migrations, infrastructure-as-code, config files with logic, and code snippets in responses. Every piece of code the LLM produces must include structured audit logging for security-relevant operations. Also activate when the user asks about audit logs, compliance logging, or traceability. Ensures NIS2 and ISO 27001 compliant logging (structured, no string interpolation, no secrets in logs).

ACTIVATE when making changes that affect critical assets: deployments, database migrations, schema changes, Terraform/IaC modifications, access control or IAM changes, firewall rules, TLS certificates, environment variables on production, or dependency upgrades. Ensures every change is documented, impact-assessed, approved, and reversible per NIS2 Art. 21(2)(e) and ISO 27001 A.8.32.

ACTIVATE when the user asks about centralising compliance records, log collection, audit trail persistence, log retention, SIEM integration, or agent observability. Central collection point for all complisec output: audit logs, incident records, change records, and vendor assessments. Configures immutable cloud storage and optionally connects observability platforms.

../../SKILL.md

ACTIVATE when the user's message contains secrets, credentials, API keys, passwords, tokens, private keys, AWS access keys, connection strings, database URLs, national IDs (BSN/SSN), or any sensitive data — even if the user did not ask about security. Also activate when asked to classify data, scan for PII, or review code for credential exposure. This skill BLOCKS secrets in prompts and enforces EU data protection rules (GDPR, NIS2, ISO 27001).