cursor-compliance-audit
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill cursor-compliance-auditExecute compliance and security auditing for Cursor usage. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr". Use when analyzing or auditing cursor compliance audit. Trigger with phrases like "cursor compliance audit", "cursor audit", "cursor".
Validation
81%| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 13 / 16 Passed | |
Implementation
22%This skill provides a skeletal framework for compliance auditing but lacks the concrete, actionable guidance needed to be useful. The instructions are abstract descriptions rather than executable procedures, and critical details like specific audit checklists, evidence collection commands, or framework-specific requirements are entirely missing. The skill would benefit significantly from concrete audit procedures, specific configuration checks, and detailed checklists for each compliance framework.
Suggestions
Add concrete audit checklists for each compliance framework (SOC 2, GDPR, HIPAA) with specific settings to verify and commands to run
Include specific Cursor admin panel locations and settings to check, with expected compliant values
Add validation steps after each audit phase (e.g., 'Verify all access logs exported successfully before proceeding')
Provide a concrete example of an audit finding with remediation steps rather than just referencing an external examples file
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is relatively brief but includes some unnecessary framing ('This skill helps...') and generic prerequisites that Claude would understand. The actual instructions are too high-level to be useful. | 2 / 3 |
Actionability | Instructions are vague and abstract ('Review Cursor's compliance certifications', 'Conduct access control audit') with no concrete commands, specific steps, checklists, or executable guidance. Describes what to do rather than how to do it. | 1 / 3 |
Workflow Clarity | Steps are listed but lack any detail on how to execute them. No validation checkpoints, no feedback loops for audit findings, and no specific procedures for the compliance frameworks mentioned (SOC 2, GDPR, HIPAA). | 1 / 3 |
Progressive Disclosure | References external files for errors and examples which is good structure, but the main content is too thin to serve as a useful overview. The skill offloads too much to external files without providing actionable core content. | 2 / 3 |
Total | 6 / 12 Passed |
Activation
40%This description suffers from circular, vague language that fails to explain what the skill actually does beyond 'auditing'. While it attempts to provide trigger terms, including the bare 'cursor' keyword is problematic and would cause false matches. The description needs concrete actions (e.g., 'generates compliance reports', 'checks data handling policies', 'reviews security configurations').
Suggestions
Replace vague 'Execute compliance and security auditing' with specific actions like 'Generates SOC2 compliance reports, audits data handling policies, reviews security configurations for Cursor IDE usage'
Remove the overly generic 'cursor' trigger term - keep only the qualified terms like 'cursor compliance', 'cursor audit', 'cursor security review'
Fix the circular 'Use when analyzing or auditing cursor compliance audit' to clearly state the use case, e.g., 'Use when the user needs to verify Cursor IDE meets compliance requirements or prepare for security audits'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'Execute compliance and security auditing' without listing concrete actions. It doesn't specify what the skill actually does - no mention of what gets analyzed, what reports are generated, or what specific compliance checks are performed. | 1 / 3 |
Completeness | Has a 'Use when' clause and explicit triggers, but the 'what' is extremely weak - 'analyzing or auditing cursor compliance audit' is circular and doesn't explain what the skill actually does. The when is present but the what is essentially missing. | 2 / 3 |
Trigger Term Quality | Includes some relevant keywords like 'cursor compliance', 'cursor audit', 'cursor security review', 'cursor soc2', 'cursor gdpr'. However, the final trigger 'cursor' alone is far too generic and would cause false positives. Missing natural variations users might say. | 2 / 3 |
Distinctiveness Conflict Risk | The compliance/audit focus provides some distinctiveness, but the overly broad trigger term 'cursor' alone would cause conflicts with any Cursor-related skill. The SOC2/GDPR terms help narrow scope but the generic 'cursor' undermines this. | 2 / 3 |
Total | 7 / 12 Passed |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.