compliance-auditor_skill

This skill automates regulatory audits and continuous monitoring for SOC2 HIPAA GDPR and PCI-DSS, generating reports and maintaining compliance posture.
  • TypeScript

6

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill dexploarer/hyper-forge --skill compliance-auditor

  • SKILL.md4.6 KB

Overview

This skill automates compliance auditing and continuous monitoring for SOC2, HIPAA, GDPR, and PCI-DSS. It scans codebases, infrastructure, and logs to detect gaps, generates prioritized findings, and produces evidence-ready reports to support audits. The skill integrates into CI/CD pipelines to enforce controls and maintain an up-to-date compliance posture.

How this skill works

The auditor inspects source code, configuration, and logs to detect hardcoded secrets, PHI/PII exposures, missing encryption, and inadequate logging. It maps findings to specific controls or regulatory requirements, scores the overall posture, and outputs actionable remediation guidance. Integration points include pre-commit/CI scans, scheduled monitoring, and report exports for external auditors.

When to use it

  • Preparing for SOC2, HIPAA, GDPR, or PCI-DSS assessments
  • Automating compliance checks in CI/CD pipelines
  • Detecting PHI/PII or secrets leakage in code and logs
  • Maintaining continuous monitoring and evidence collection
  • Prior to external audits or third-party assessments

Best practices

  • Run automated scans at least weekly and on every pull request
  • Enforce findings as gates in CI/CD for critical/high severity issues
  • Maintain centralized logging and retain audit logs according to regulatory retention requirements
  • Rotate encryption keys and enforce strong encryption (AES-256, TLS 1.2+)
  • Document controls, remediation steps, and evidence artifacts for audit traceability

Example use cases

  • SOC2 Type II readiness: scan repos and infra for access, encryption, and logging controls
  • HIPAA compliance: detect PHI in logs, verify encryption at rest, and validate access logging
  • GDPR readiness: identify PII locations, verify consent flows, and confirm retention policies
  • PCI-DSS checks: validate cardholder data protections, segmentation, and regular security testing
  • Continuous compliance: integrate with CI to block code that introduces critical compliance regressions

FAQ

SOC2, HIPAA, GDPR, and PCI-DSS are supported with control mappings and tailored checks.

How are severity and remediation prioritized?

Findings are rated (e.g., CRITICAL, HIGH) based on impact and control mapping; the report includes suggested remediation steps and references to the specific control or regulation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
compliance-auditor skill by dexploarer/hyper-forge | VeilStrat