Explore AI Agent Skills & Claude Prompts

ccpa

by Sushegaad

star 656

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance advisor — business threshold analysis, consumer rights fulfillment (access, delete, correct, opt-out of sale/sharing, limit SPI), privacy notice drafting, service provider vs. contractor vs. third-party classification, sensitive personal information (SPI) handling, data minimization, opt-out mechanisms, CPPA enforcement, penalty exposure, GDPR comparison, and gap assessments for businesses operating in or targeting California residents.

cis-controls

by Sushegaad

star 656

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

cmmc

by Sushegaad

star 656

Expert CMMC 2.0 (Cybersecurity Maturity Model Certification) advisor for US defense contractors and subcontractors in the Defense Industrial Base (DIB). Use this skill whenever a user asks about CMMC 2.0, CMMC Level 1, Level 2, or Level 3, DoD cybersecurity compliance, NIST SP 800-171, CUI (Controlled Unclassified Information) protection, System Security Plan (SSP), Plan of Action & Milestones (POA&M), C3PAO assessments, DIBCAC audits, self-assessment, SPRS score, or any requirement under DFARS 252.204-7012 or 7021. Also trigger for: "CMMC gap analysis", "CMMC readiness", "FCI protection", "CUI scoping", "CMMC practices", "DoD contract cybersecurity", "defense supply chain security", or "prime contractor flow-down requirements".

csrd

by Sushegaad

star 656

Expert CSRD (Corporate Sustainability Reporting Directive, EU 2022/2464) compliance advisor. Use this skill whenever a user asks about CSRD, European Sustainability Reporting Standards (ESRS), double materiality assessment, sustainability reporting obligations, ESG disclosure, CSRD scope and thresholds, value chain reporting, XBRL digital tagging, third-party assurance, CSRD gap assessments, CSRD implementation timelines, ESRS E1–E5 environmental standards, ESRS S1–S4 social standards, ESRS G1 governance, CSRD vs GRI/TCFD/SASB alignment, or any EU corporate sustainability reporting question. Trigger even if the user only mentions "ESG reporting Europe", "sustainability disclosure EU", or "non-financial reporting".

dora

by Sushegaad

star 656

Expert DORA (Regulation (EU) 2022/2554 — Digital Operational Resilience Act) compliance advisor for EU financial entities. Use this skill whenever a user asks about DORA compliance, ICT risk management frameworks, ICT incident classification or reporting, threat-led penetration testing (TLPT), ICT third-party risk management, Register of Information, contractual provisions with ICT providers, ICT concentration risk, oversight of critical ICT third-party service providers (CTPPs), or any DORA RTS/ITS obligation. Also trigger for: "DORA gap analysis", "DORA readiness", "Art. 6 ICT risk framework", "Art. 17 incident reporting", "Art. 26 TLPT", "Art. 28 third-party policy", "Art. 30 contractual provisions", "Register of Information CIR 2024/2956", "critical TPSP designation", "DORA vs NIS2", "DORA simplified framework", or EBA/ESMA/EIOPA digital resilience guidance.

dpdpa

by Sushegaad

star 656

Expert India Digital Personal Data Protection Act, 2023 (DPDPA) compliance advisor. Use this skill whenever a user asks about the DPDPA, DPDP Act, DPDP Rules 2025, India data privacy law, Data Fiduciary obligations, Data Principal rights, Significant Data Fiduciary, Data Protection Board of India, consent under DPDPA, notice requirements, breach notification India, children's data India, cross-border data transfer India, India privacy compliance, DPDPA gap analysis, DPDPA vs GDPR, or any obligation under India's personal data protection framework. Also trigger for: "Section 6 consent", "Section 7 legitimate uses", "Section 9 children's data", "Section 10 SDF", "Section 16 cross-border", "Rule 6 breach notification", "Rule 13 SDF obligations", "Data Protection Board complaint", "verifiable parental consent India", "DPDPA compliance roadmap", or "India privacy law global company".

ear

by Sushegaad

star 656

Export Administration Regulations (EAR, 15 CFR Parts 730-774) compliance advisor — ECCN classification across all 10 CCL categories and 5 product groups (A-E), EAR99 determination, jurisdiction analysis (EAR vs ITAR order of review), license requirement analysis via Country Chart, all license exceptions (LVS, GBS, CIV, TMP, RPL, GOV, TSU, ENC, TSR, APP, BAG, AVS, ACE), end-user/end-use controls (Entity List, Denied Persons List, Unverified List, MEU List), deemed export rules, Foreign Direct Product Rule (FDPR), de minimis thresholds, 10 General Prohibitions, SNAP-R license applications, voluntary self-disclosure, civil/criminal penalties, Export Compliance Program (ECP) design, and EAR vs ITAR jurisdiction determination. Use for any dual-use export control, CCL classification, or BIS compliance question.

eu-ai-act

by Sushegaad

star 656

EU AI Act (Regulation (EU) 2024/1689) compliance advisor — risk classification across all four tiers, all 9 prohibited practices (Art. 5, including the nudification/CSAM prohibition added by the AI Omnibus May 2026), all 8 Annex III high-risk use case areas, provider and deployer obligations (Arts. 9–17, 26), GPAI model obligations including the July 2025 Code of Practice (Arts. 51–55), conformity assessment and CE marking (Arts. 43–48), EU AI database registration, Art. 50 transparency (chatbots, synthetic media, AI-generated content), governance (AI Office, AI Board), penalties (Art. 99), updated phase-in timeline (AI Omnibus extended Annex III to 2 Dec 2027 and Annex I to 2 Aug 2028), and cross-framework mapping to ISO 42001, NIST AI RMF, and GDPR. Use for any EU AI regulation, AI system classification, or AI compliance question. Current as of May 2026.

eu-cra

by Sushegaad

star 656

Expert EU Cyber Resilience Act (CRA) advisor for Regulation (EU) 2024/2847 — mandatory cybersecurity and vulnerability handling requirements for all products with digital elements (PDEs) sold in the EU. Use this skill for gap analysis, product classification (Default / Class I / Class II), conformity assessment route selection, CE marking, SBOM requirements, vulnerability and incident reporting to ENISA/CSIRTs, support period obligations, and manufacturer/importer/distributor duties. Trigger for EU CRA, Cyber Resilience Act, PDE compliance, Annex I requirements, SBOM EU, CE marking cybersecurity, or connected product security EU.

fedramp

by Sushegaad

star 656

Expert guidance for FedRAMP certification and compliance. Use this skill whenever a user asks about FedRAMP authorization, ATO (Authority to Operate), cloud security for federal government, NIST SP 800-53 controls, CSP compliance, or any of the core FedRAMP document types: SSP, SAP, SAR, POA&M, CIS/CRM workbooks. Also trigger for questions about FedRAMP impact levels (Low, Moderate, High, LI-SaaS), FedRAMP 20x, OSCAL, 3PAO assessments, continuous monitoring (ConMon), gap assessments, system boundary definition, FedRAMP readiness, or architecture reviews for federal cloud. When in doubt, use this skill — it covers the full FedRAMP lifecycle from readiness through continuous monitoring.

gdpr-compliance

by Sushegaad

star 656

Expert GDPR compliance assistant covering all four core workflows: (1) auditing code and systems for GDPR violations, (2) drafting GDPR-compliant documents such as privacy policies, Data Processing Agreements (DPAs), and consent notices, (3) answering GDPR compliance questions with authoritative article citations, and (4) reviewing data flows and PII handling practices. Use this skill whenever the user mentions GDPR, data protection, privacy compliance, lawful basis, data subject rights, DPA, privacy notices, consent management, data breaches, DPIAs, controller/ processor relationships, cross-border data transfers, or any EU/UK data privacy topic. Also trigger for questions like "is this GDPR compliant?", "how do I handle personal data?", "what does a privacy policy need?", or any request involving PII, personal data, or data retention in a regulatory context.

hipaa-compliance

by Sushegaad

star 656

Expert HIPAA compliance assistant for healthcare and software contexts. Use this skill whenever the user mentions HIPAA, PHI (Protected Health Information), ePHI, covered entities, business associates, healthcare data privacy, medical records, health information security, BAA (Business Associate Agreements), or any compliance review involving patient data. Also trigger for requests to draft privacy notices, HIPAA policies, consent forms, security risk assessments, or breach notification letters. Use for developers building healthcare software who need technical safeguard guidance (encryption, access controls, audit logs), compliance officers reviewing documents or procedures, and anyone asking "is this HIPAA compliant?" or "what does HIPAA require for X?". When in doubt about whether a healthcare or data privacy question falls under this skill — use it.