canon_skill

This skill evaluates code against established standards, cites sections, and delivers prioritized remediation to improve security, accessibility, and API
  • Shell

8

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill simota/agent-skills --skill canon

  • SKILL.md6.8 KB

Overview

This skill assesses software, APIs, and infrastructure against industry standards and produces prioritized, evidence-backed remediation plans. It identifies applicable standards (OWASP, WCAG, OpenAPI, ISO 25010, 12‑Factor, etc.), measures compliance levels, and cites specific clauses or sections to justify findings. The output is a pragmatic compliance report with cost‑benefit guidance and handoff recommendations for implementation and verification.

How this skill works

Provide a target (codebase, API spec, architecture docs or specific files) and Canon maps applicable standards to the scope, inspects artifacts, and records evidence with file:line references. Each requirement is rated (Compliant/Partial/Non‑compliant/N/A), classified by severity, and paired with concrete remediation steps, estimated effort, and the recommended remediation owner (Builder, Sentinel, Palette, etc.). The agent produces an executive summary plus a prioritized remediation backlog and verification checklist.

When to use it

  • Preparing for a security or accessibility audit (OWASP, WCAG).
  • Validating API contracts for OpenAPI / RFC conformance before release.
  • Assessing software quality against ISO 25010 or internal quality gates.
  • Prioritizing remediation work after a vulnerability scan or accessibility crawl.
  • Selecting which standards apply when multiple frameworks overlap.

Best practices

  • Start by declaring the target scope and desired compliance level (e.g., WCAG AA, OWASP ASVS level 2).
  • Provide access to code, specs, and deployment configs to produce concrete evidence (file:line).
  • Treat severity and business impact separately: high severity with low business impact may still require rapid remediation.
  • Use Canon’s citations when delegating fixes—include section numbers and exact requirement text.
  • Log decisions and exceptions in project journal to preserve rationale for audits and future reviews.

Example use cases

  • Run an OWASP ASVS check on a web application's auth flows and get prioritized fixes for critical injection and broken auth items.
  • Evaluate an OpenAPI 3.x spec for RFC conformance and receive a list of schema errors, endpoint deviations, and suggested fixes.
  • Audit a dashboard for WCAG AA issues, with exact page elements, WAI‑ARIA recommendations, and remediation owners.
  • Map an existing microservice architecture to 12‑Factor and CNCF best practices, with a phased migration plan and cost estimates.

FAQ

No. Canon identifies gaps, cites standards, and recommends remediation owners. Implementation is handed off to Builder, Sentinel, or Palette as appropriate.

Will Canon make legal or regulatory compliance decisions?

No. Canon maps standards and highlights potential regulatory overlaps but advises consulting legal or compliance professionals for final determinations.

What evidence format does Canon provide?

Evidence includes Standard Reference · Requirement · Evidence Location (file:line) · Status · Finding · Recommendation · Priority · Remediation Agent.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
canon skill by simota/agent-skills | VeilStrat