generating-compliance-reports
This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill generating-compliance-reports64
Quality
55%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Optimize this skill with Tessl
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/compliance-report-generator/skills/compliance-report-generator/SKILL.mdDiscovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with excellent trigger terms and completeness. It clearly states when to use the skill and includes specific compliance frameworks that serve as distinctive triggers. The main weakness is that the capabilities could be more specific about what concrete actions the skill performs beyond 'generate reports'.
Suggestions
Add more specific concrete actions beyond 'generate reports' - e.g., 'maps controls to requirements', 'identifies compliance gaps', 'generates evidence documentation'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (compliance reports, security standards) and mentions the plugin used, but actions are limited to 'generate reports' and 'documenting adherence' without listing specific concrete actions like 'analyze controls', 'map requirements', or 'identify gaps'. | 2 / 3 |
Completeness | Clearly answers both what (generates compliance reports based on security standards using the compliance-report-generator plugin) and when (explicit 'Use this skill when...' clause with specific trigger phrases and use cases). | 3 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'compliance report', 'security audit report', 'regulatory compliance', plus specific standards (PCI DSS, HIPAA, SOC 2, ISO 27001) that users would naturally mention. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused on compliance/security reporting with specific framework names (PCI DSS, HIPAA, SOC 2, ISO 27001) that create distinct triggers unlikely to conflict with general document or reporting skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
20%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill content reads like marketing copy rather than actionable instructions. It describes what the compliance-report-generator plugin does conceptually but provides no concrete syntax, parameters, or executable examples for Claude to actually use the plugin. The content is padded with unnecessary explanations and lacks the technical specificity needed for Claude to perform the task.
Suggestions
Add concrete plugin invocation syntax with actual parameters (e.g., `compliance-report-generator --standard=PCI-DSS --scope=ecommerce`)
Replace abstract 'the skill will' descriptions with executable examples showing exact inputs and expected output formats
Remove filler content like 'empowers Claude', 'saving time', and explanations of what compliance reports are
Add validation steps for reviewing generated reports and handling incomplete data scenarios
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is verbose and explains concepts Claude already knows (what compliance reports are, how plugins work). Phrases like 'empowers Claude' and 'saving time and ensuring accuracy' are filler that don't add actionable value. | 1 / 3 |
Actionability | No concrete code, commands, or executable guidance provided. The examples describe what 'the skill will' do abstractly rather than showing actual plugin invocation syntax, parameters, or expected outputs. | 1 / 3 |
Workflow Clarity | Steps are listed (Identify, Gather, Generate) but lack specifics on how to invoke the plugin, what parameters to pass, or validation checkpoints. The workflow is conceptual rather than operational. | 2 / 3 |
Progressive Disclosure | Content is organized into sections but everything is inline with no references to external documentation. The content could be more concise with detailed examples moved to separate files. | 2 / 3 |
Total | 6 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.