The library

aims-audit · AI systems needing pre-deployment safety and compliance validation.

healthcare-core · When defining the interlocking safety and privacy rules that every healthcare feature must follow.

healthcare-phi-compliance · When you need to handle patient health information and must ensure HIPAA/DISHA/GDPR compliance.

capa-officer · When planning engineering headcount for a multi-quarter roadmap and want to validate feasibility before committing.

chief-data-officer-advisor · Using this artifact when the standard alternative doesn't fit your constraints.

ciso-advisor · Security leadership for growth-stage companies.

ciso-review · /cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.

cloud-security · Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC...

compliance-os · Companies selling to enterprises need compliance OS (controls, audit logs, data classification, periodic testing) embedded as operational routine rather than ad-hoc projects.

compliance-readiness · "/cs:compliance-readiness <program> — Multi-framework compliance officer 6-question forcing interrog

contract-and-proposal-writer · Use when drafting a freelance contract, preparing a client proposal, writing an SOW for a new engagement, or producing an NDA before sharing sensitive material

cs-quality-regulatory · Structured regulatory strategy and audit preparation for medical device and healthcare companies.

pii-redaction-logging-policy-builder · Compliance-heavy products; automated policy generation reduces manual review burden.

eu-ai-act-specialist · Regulatory compliance when you need EU AI Act risk-based system classification.

fda-consultant-specialist · When you face FDA premarket approval decisions and need pathway selection, QSR compliance, and HIPAA/cybersecurity assessment.

fda-qsr-audit-prep · When you need to audit medical device QSR posture before internal review, FDA inspection, or Form 483 response.

prediction-market-risk-review · When a trading agent, portfolio tool, or oracle integrations touches venue auth, portfolio data, or execution capabilities.

gc-review · Quick legal risk screening before executive sign-off or escalation.

gdpr-audit-prep · Pre-DPA-investigation audits that force explicit Article-by-Article interrogation instead of generic checklists

gdpr-dsgvo-expert · Annual GDPR refresh that logs all data handling patterns and generates audit-ready DPIA documentation programmatically

general-counsel-advisor · Term sheet and contract triage that flags the three places 5% of founder equity quietly disappears before escalating to outside counsel

incident-response · Organizing rapid incident response with documentation and triage.

information-security-manager-iso27001 · Establishing and maintaining ISO 27001 compliance and information security management.

isms-audit-expert · Auditing public-facing docs and code for bias and exclusionary language at scale.

iso13485-audit-prep · When you need structured iso13485 readiness before certification audits.

recon · When mapping attack surface and infrastructure requires automated passive + active enumeration across domains and ASNs.

iso27001-audit-prep · When you need structured iso27001 readiness before certification audits.

iso42001-specialist · When running internal audits of AI systems against ISO 42001 with risk-register traceability to controls.

repo-scan · onboarding a legacy codebase, planning a refactor, or auditing embedded dependencies across C++, Android,

ma-playbook · C-level strategy around acquisitions or preparing a company for acquisition

clean-room-skill · Collaborating on customer or research data where privacy regulations require isolation and masking

scientific-db-uspto-database · Executing scientific-db-uspto-database skill with targeted automation.

patent · Finding prior art that falsifies a specific novelty claim rather than generic patent searching.

regulatory-affairs-head · MedTech companies navigating 510(k), De Novo, PMA, or CE marking pathways.

rfp-responder · Bid Managers / Proposal Leads when RFP response strategy must surface fit % and honest winrate before pursuit budget.

redteam-regulierungsrisiko · Stress-test infrastructure projects before they become regulatory fixtures

soc2-audit-prep · Pre-observation, mid-period checkpoint, or pre-field-test month-10 readiness forcing questions

threat-detection · Threat intelligence teams hunting for attacker TTPs that evaded automated controls before alerts fire.

business-ethics-and-governance · Diagnosing corporate scandals and designing governance structures that scale beyond founder ethics.

contracts-and-business-law · Non-lawyers evaluating commercial risk and preparing briefs for counsel.

data-privacy · Helping learners make informed decisions about what personal data to share and with whom.

public-policy · Use when implementing public-policy is more cost/time-effective than generic alternative.

environmental-justice · Supporting frontline communities in demanding equitable pollution control and remediation

KILN_AGENT_SKILL · Deploying Tezos contracts with validation, audit, and simulation gates before mainnet.

food-policy-and-politics · When you need to understand how nutrition science becomes dietary guidance and industry influence.

compliance-governance · compliance, governance, and supply chain security guidance for cloud-native systems

playbook-quellenkarte · Verifying German legal authorities and citing laws with current status in professional documents.

meldung-grenzueberschreitend · Determining lead authority and multi-jurisdiction compliance for GDPR data breaches under Art. 56 DSGVO

datenexport-portabilitaet · When implementing data portability rights (GDPR Art. 20) or migration tooling.

forderungen-interessen-matrix · Navigating multi-stakeholder projects when you need to identify whose buy-in actually matters.