generating-compliance-reports
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill generating-compliance-reportsThis skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.
Validation
75%| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |
Total | 12 / 16 Passed | |
Implementation
20%This skill content reads like marketing copy rather than actionable technical guidance. It describes what the compliance-report-generator plugin conceptually does but provides no concrete syntax, parameters, or executable examples. Claude cannot act on this skill because it lacks the specific invocation details needed to actually generate reports.
Suggestions
Add concrete plugin invocation syntax showing exact commands/parameters (e.g., `compliance-report-generator --standard=PCI-DSS --scope=ecommerce`)
Replace abstract examples with actual input/output pairs showing what data to provide and what the generated report structure looks like
Remove explanatory filler text about what compliance reports are and why they're useful - Claude already knows this
Add validation steps for reviewing generated reports and handling incomplete data scenarios
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is verbose and explains concepts Claude already knows (what compliance reports are, how plugins work). Phrases like 'saving time and ensuring accuracy' and 'making compliance audits easier' are filler that don't add actionable value. | 1 / 3 |
Actionability | No concrete code, commands, or executable guidance provided. The examples describe what 'the skill will' do abstractly rather than showing actual plugin invocation syntax, parameters, or expected outputs. | 1 / 3 |
Workflow Clarity | Steps are listed (Identify, Gather, Generate) but lack specifics on how to invoke the plugin, what parameters to pass, or validation checkpoints. The workflow is conceptual rather than operational. | 2 / 3 |
Progressive Disclosure | Content is organized into sections but everything is inline with no references to detailed documentation. The 'Integration' section hints at other capabilities but provides no links or concrete guidance. | 2 / 3 |
Total | 6 / 12 Passed |
Activation
90%This is a well-structured description with explicit trigger guidance and good coverage of relevant compliance frameworks. The main weakness is that the capabilities section could be more specific about what actions the skill performs beyond 'generate reports'. The description effectively uses third person voice and provides clear differentiation from other skills.
Suggestions
Add more specific concrete actions beyond 'generate reports' - e.g., 'analyze security controls', 'map requirements to evidence', 'identify compliance gaps', 'create remediation recommendations'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (compliance reports, security standards) and mentions the plugin used, but actions are limited to 'generate reports' and 'documenting adherence' without listing specific concrete actions like 'analyze controls', 'map requirements', or 'identify gaps'. | 2 / 3 |
Completeness | Clearly answers both what (generate compliance reports based on security standards using the compliance-report-generator plugin) and when (explicit 'Use this skill when...' clause with specific trigger phrases and use cases). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'compliance report', 'security audit report', 'regulatory compliance', plus specific standards (PCI DSS, HIPAA, SOC 2, ISO 27001) that users would naturally mention. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on compliance/security reporting with specific framework names (PCI DSS, HIPAA, SOC 2, ISO 27001) that create distinct triggers unlikely to conflict with general document or reporting skills. | 3 / 3 |
Total | 11 / 12 Passed |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.