cursor-compliance-audit

Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".

Quality

88%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a strong compliance auditing skill with highly actionable checklists, clear remediation workflows with verification steps, and good coverage across SOC 2, GDPR, and HIPAA frameworks. Its main weakness is that the substantial content is entirely inline in a single file, which could benefit from progressive disclosure via bundle files. The content is mostly concise for its scope but could trim some explanatory context that compliance-savvy Claude wouldn't need.

Suggestions

Split detailed audit checklists and remediation playbooks into separate bundle files (e.g., SOC2_CHECKLIST.md, REMEDIATION.md) and reference them from the main SKILL.md overview.

Trim the GDPR individual rights table and certification status table to only include information that directly drives Claude's actions, rather than reference information Claude could look up.

Dimension	Reasoning	Score
Conciseness	The content is reasonably well-organized but includes some information that could be tightened. The data processing architecture diagram and certification table are useful, but some sections like the GDPR individual rights table and enterprise considerations contain information that's more reference material than actionable guidance. The overall length is substantial but mostly justified by the breadth of compliance frameworks covered.	2 / 3
Actionability	The skill provides highly concrete, actionable checklists with specific steps, exact file paths, specific .cursorignore patterns, precise dashboard navigation paths, and clear remediation procedures. Each finding includes severity, risk description, and numbered remediation steps with verification actions.	3 / 3
Workflow Clarity	Multi-step remediation workflows are clearly sequenced with explicit verification steps (e.g., 'Verify enforcement: check each member's status in dashboard', 'Confirm sensitive files absent from indexed list'). The audit checklists include evidence collection requirements at each stage, and the HIPAA section includes a clear escalation ('CRITICAL: Consult your compliance team before any Cursor usage').	3 / 3
Progressive Disclosure	The content is well-structured with clear section headers and logical organization across compliance frameworks, but it's a monolithic document that could benefit from splitting detailed checklists and remediation playbooks into separate referenced files. The Resources section at the end provides external links but no internal bundle references exist to offload the substantial inline content.	2 / 3
	Total	10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines its domain (compliance/security auditing for Cursor IDE), lists specific capabilities (SOC 2, GDPR, HIPAA assessment, evidence collection, remediation), and provides explicit trigger terms. The description uses proper third-person voice and is concise without being vague. Minor improvement could include mentioning a few more natural language variations beyond the 'cursor' prefix pattern.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation' — these are distinct, concrete capabilities beyond just naming a domain.	3 / 3
Completeness	Clearly answers both 'what' (compliance and security auditing for Cursor IDE: SOC 2, GDPR, HIPAA assessment, evidence collection, remediation) and 'when' (explicit triggers listed with 'Triggers on...' clause).	3 / 3
Trigger Term Quality	Includes explicit natural trigger terms like 'cursor compliance', 'cursor audit', 'cursor security review', 'cursor soc2', 'cursor gdpr', 'cursor data governance' — these are terms users would naturally say when needing this skill.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive — the combination of 'Cursor IDE' with specific compliance frameworks (SOC 2, GDPR, HIPAA) creates a clear niche that is unlikely to conflict with other skills. The 'cursor' prefix on all trigger terms further reduces conflict risk.	3 / 3
	Total	12 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: b0b1431

Reviewed: 5 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.