
pci-compliance

Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.

64

1.28x
Quality: 44% (Does it follow best practices?)

Impact: 98%, 1.28x (Average score across 3 eval scenarios)

Security by Snyk: Risky (Do not use without reviewing)


Evaluation results

100%

23%

Payment Data Handler Module

Cardholder data protection and log sanitization

| Criteria | Without context | With context |
|---|---|---|
| PROHIBITED_DATA keys | 62% | 100% |
| ALLOWED_DATA keys | 57% | 100% |
| PAN masking pattern | 0% | 100% |
| Prohibited fields removed from logs | 100% | 100% |
| Storage validation raises exception | 100% | 100% |
| Storage validation error message | 100% | 100% |
| Luhn algorithm implemented | 100% | 100% |
| Luhn strips whitespace/dashes | 100% | 100% |
| Luhn returns False for non-digits | 37% | 100% |
| No CVV in returned storage dict | 100% | 100% |

100%

4%

Secure Card Storage Service

AES-256-GCM encryption and HTTPS enforcement

| Criteria | Without context | With context |
|---|---|---|
| AES-GCM algorithm | 100% | 100% |
| 256-bit key size | 100% | 100% |
| Random 12-byte nonce | 100% | 100% |
| Nonce prepended to ciphertext | 100% | 100% |
| Nonce split in decrypt | 100% | 100% |
| SESSION_COOKIE_SECURE | 100% | 100% |
| SESSION_COOKIE_HTTPONLY | 100% | 100% |
| SESSION_COOKIE_SAMESITE | 50% | 100% |
| flask_talisman HTTPS | 100% | 100% |
| Decrypt round-trip | 100% | 100% |

96%

39%

Payment Methods API with Access Control

Role-based access control and PCI audit logging

| Criteria | Without context | With context |
|---|---|---|
| pci_access role check | 0% | 100% |
| 403 on denied access | 100% | 100% |
| Access log: timestamp | 100% | 100% |
| Access log: user_id | 50% | 100% |
| Access log: resource | 100% | 100% |
| Access log: action and result | 33% | 100% |
| Access log: ip_address | 62% | 100% |
| Auth log: event field | 0% | 50% |
| Auth log: success and method | 0% | 100% |
| No raw card numbers stored | 50% | 100% |
| Protected route guarded | 100% | 100% |
| Denied access also logged | 100% | 100% |

Repository: wshobson/agents

Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
