
validating-pci-dss-compliance

This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill validating-pci-dss-compliance

86

1.08x

Quality

55%

Does it follow best practices?

Impact

89%

1.08x

Average score across 12 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/pci-dss-validator/skills/pci-dss-validator/SKILL.md

Evaluation results

95%

14%

Payment Application Pre-Audit Compliance Assessment

Compliance report structure and workflow

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined | 33% | 100% |
| Analyze step present | 37% | 50% |
| Validation step present | 100% | 100% |
| Report compiled | 100% | 100% |
| Workflow order correct | 40% | 90% |
| Findings listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Tracker items match findings | 100% | 100% |
| Tracker has progress fields | 100% | 100% |

Without context: $0.3674 · 3m 18s · 12 turns · 13 in / 7,831 out tokens

With context: $0.6948 · 5m 46s · 28 turns · 326 in / 11,845 out tokens

82%

-5%

AWS Payment Gateway Infrastructure Compliance Review

Infrastructure assessment and IaC integration

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined | 100% | 100% |
| Analyze step present | 50% | 50% |
| Validation step present | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Plugin/tool referenced | 35% | 0% |
| Findings listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| IaC integration guidance | 100% | 100% |
| Remediation plan has status/owner fields | 100% | 100% |

Without context: $0.5718 · 4m 36s · 15 turns · 16 in / 12,633 out tokens

With context: $0.8639 · 6m 53s · 32 turns · 29 in / 15,787 out tokens

100%

Automated PCI DSS Compliance Program for a FinTech CI/CD Pipeline

Continuous compliance program and integration

| Criteria | Without context | With context |
| --- | --- | --- |
| Periodic schedule defined | 100% | 100% |
| Static analysis integration | 100% | 100% |
| IaC tool integration | 100% | 100% |
| Both code and infra stages | 100% | 100% |
| Remediation tracking template | 100% | 100% |
| Tracker has run/date fields | 100% | 100% |
| Tracker has status/owner fields | 100% | 100% |
| Three-step workflow described | 100% | 100% |
| Report output in workflow | 100% | 100% |
| Scope addressed | 100% | 100% |

Without context: $0.6525 · 4m 30s · 19 turns · 19 in / 13,876 out tokens

With context: $0.6111 · 5m 32s · 26 turns · 25 in / 10,440 out tokens

90%

4%

Payment API Pre-Launch Security Review

Pre-deployment compliance validation

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined first | 100% | 100% |
| Analyze step present | 100% | 100% |
| Validation step present | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Plugin/tool referenced | 0% | 28% |
| Pre-deployment framing | 100% | 100% |
| Specific violations listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Remediation plan produced | 100% | 100% |
| Remediation plan has status/owner fields | 100% | 100% |

Without context: $0.3605 · 3m 44s · 12 turns · 12 in / 8,000 out tokens

With context: $0.7122 · 6m 44s · 33 turns · 143 in / 12,226 out tokens

81%

1%

Cardholder Data Exposure Investigation

Security vulnerability investigation

| Criteria | Without context | With context |
| --- | --- | --- |
| Investigation framing | 100% | 100% |
| Scope defined | 100% | 100% |
| Analyze step present | 62% | 37% |
| Plugin/tool referenced | 0% | 0% |
| Specific vulnerabilities identified | 100% | 100% |
| Risk context per finding | 100% | 100% |
| Remediation steps per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Separate tracker produced | 100% | 100% |
| Tracker has date/discovery fields | 50% | 100% |
| Tracker has status/owner fields | 100% | 100% |

Without context: $0.4867 · 3m 59s · 15 turns · 16 in / 10,331 out tokens

With context: $0.6562 · 5m 57s · 23 turns · 340 in / 12,868 out tokens

80%

3%

PCI DSS Compliance Check for Payment Processing Library

Static analysis tool integration

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined | 100% | 100% |
| Analyze step present | 50% | 66% |
| Validation step present | 100% | 100% |
| Compliance scanner referenced | 14% | 57% |
| Static analysis tool referenced | 100% | 100% |
| Both tools in runbook | 33% | 0% |
| Specific violations listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Runbook produced | 100% | 100% |

Without context: $0.4175 · 3m 39s · 15 turns · 14 in / 8,826 out tokens

With context: $0.8523 · 6m 29s · 35 turns · 431 in / 13,799 out tokens

98%

12%

PCI DSS Compliance Assessment: Containerized Card Verification Service

Container configuration compliance

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined | 100% | 100% |
| Analyze step present | 100% | 75% |
| Validation step present | 100% | 100% |
| Workflow order correct | 100% | 100% |
| Plugin/tool referenced | 0% | 100% |
| Container violations listed | 100% | 100% |
| Application violations listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation tracker produced | 100% | 100% |

Without context: $0.5071 · 3m 19s · 18 turns · 19 in / 9,919 out tokens

With context: $0.7294 · 6m 15s · 32 turns · 30 in / 12,100 out tokens

92%

9%

PCI DSS Compliance Assessment: Payment Platform Microservices

Multi-service scope assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope covers all services | 100% | 100% |
| Analyze step present | 37% | 25% |
| Validation step present | 100% | 100% |
| Workflow order correct | 100% | 75% |
| Plugin/tool referenced | 0% | 100% |
| Auth service violations | 100% | 100% |
| Transaction service violations | 100% | 100% |
| Reporting service violations | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation tracker produced | 100% | 100% |

Without context: $0.4686 · 4m 35s · 14 turns · 15 in / 9,854 out tokens

With context: $0.8080 · 6m 8s · 29 turns · 26 in / 13,576 out tokens

96%

12%

Quarterly PCI DSS Compliance Review: Legacy Payment Processing Module

Periodic compliance review and tracking

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined | 100% | 100% |
| Periodic framing | 100% | 100% |
| Analyze step present | 50% | 50% |
| Validation step present | 100% | 100% |
| Workflow order correct | 100% | 100% |
| Plugin/tool referenced | 0% | 100% |
| Specific violations listed | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation tracker produced | 100% | 100% |
| Tracker supports multi-cycle tracking | 100% | 100% |

Without context: $0.4118 · 4m 18s · 16 turns · 16 in / 7,414 out tokens

With context: $0.6979 · 5m 43s · 26 turns · 256 in / 12,047 out tokens

98%

19%

Cloud Infrastructure Compliance Review for Payment Platform

CloudFormation infrastructure compliance assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined first | 75% | 100% |
| Analyze step present | 28% | 71% |
| Validation step present | 100% | 100% |
| Workflow order correct | 100% | 100% |
| Plugin/tool referenced | 0% | 100% |
| Unencrypted storage violations | 100% | 100% |
| Network security violations | 100% | 100% |
| Credential exposure violations | 100% | 100% |
| Logging/monitoring gaps identified | 100% | 100% |
| Unencrypted transmission identified | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation plan with status/owner fields | 100% | 100% |

Without context: $0.4562 · 3m 9s · 11 turns · 12 in / 10,796 out tokens

With context: $0.8913 · 5m 2s · 28 turns · 28 in / 16,844 out tokens

83%

2%

Database Layer Compliance Review for Payment Processing System

Database data handling and retention compliance

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined first | 100% | 100% |
| Analyze step present | 28% | 42% |
| Validation step present | 100% | 100% |
| Workflow order correct | 85% | 100% |
| Plugin/tool referenced | 0% | 0% |
| CVV storage violation identified | 100% | 100% |
| Track data or full PAN storage identified | 100% | 100% |
| Logging violation identified | 100% | 100% |
| Credential exposure identified | 100% | 100% |
| Unmasked data export identified | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation tracker with status/owner | 100% | 100% |

Without context: $0.4969 · 4m 53s · 15 turns · 16 in / 10,655 out tokens

With context: $0.8844 · 6m 54s · 29 turns · 111 in / 15,970 out tokens

84%

-2%

Payment Gateway API Security Review

REST API endpoint compliance assessment

| Criteria | Without context | With context |
| --- | --- | --- |
| Scope defined first | 100% | 100% |
| Analyze step present | 100% | 66% |
| Validation step present | 100% | 100% |
| Workflow order correct | 100% | 100% |
| Plugin/tool referenced | 0% | 0% |
| Logging violation identified | 100% | 100% |
| Data storage violations identified | 100% | 100% |
| Weak hashing violation identified | 100% | 100% |
| Unauthenticated endpoint identified | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Report compiled with summary | 100% | 100% |
| Remediation plan produced | 100% | 100% |
| Remediation plan has status/owner fields | 100% | 100% |

Without context: $0.5190 · 5m 13s · 14 turns · 15 in / 11,972 out tokens

With context: $0.7894 · 7m 2s · 30 turns · 294 in / 14,105 out tokens

Evaluated

Agent: Claude Code
Model: Claude Sonnet 4.6
