
pci-compliance

Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.

Quality: 64 (Does it follow best practices?)

Impact: No eval scenarios have been run

Security by Snyk: Advisory. Suggest reviewing before use


Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

Strong on executable, actionable code but the body is over-long and front-loads reference-style material Claude already knows. Adding a sequenced compliance workflow with validation steps would lift workflow clarity.

Suggestions

Move the restated 12 PCI DSS requirements and compliance-level tables into references/details.md, keeping only the operational patterns in SKILL.md.

Add a sequenced audit/preparation workflow with explicit validation checkpoints (e.g., validate-no-prohibited-storage -> remediate -> re-validate) for batch or destructive operations.

Relocate the larger code templates (custom token vault, encrypted storage) to the reference so the main body stays a lean overview pointing to details.md.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Mostly executable and efficient, but restates PCI DSS's 12 requirements, compliance levels, and NEVER-STORE prose that Claude already knows; much inline code could move to the reference. | 2 / 3 |
| Actionability | Provides complete, copy-paste-ready Python for AES-GCM encryption, Fernet tokenization, Stripe token-based charges, and log sanitization. | 3 / 3 |
| Workflow Clarity | Presents requirements and patterns but lacks a sequenced compliance/audit workflow with explicit validation checkpoints for destructive or batch operations, capping this dimension at 2. | 2 / 3 |
| Progressive Disclosure | Has a clearly signaled one-level-deep reference (references/details.md, confirmed present), but the body is a monolithic wall of inline code that belongs partly in the reference. | 2 / 3 |

Total: 9 / 12 (Passed)

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A clear, third-person description with explicit use-when triggers and concrete capability statements. It is distinctive and complete, with only minor room to add more colloquial trigger terms.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names multiple concrete actions: 'Implement PCI DSS compliance requirements', 'secure handling of payment card data', 'securing payment processing', and 'implementing payment card security measures'. | 3 / 3 |
| Completeness | Explicitly answers both what it does and when to use it via the 'Use when securing payment processing, achieving PCI compliance...' clause. | 3 / 3 |
| Trigger Term Quality | Includes natural terms like 'securing payment processing' and 'achieving PCI compliance', but lacks common user variations such as 'credit card', 'cardholder data', or 'payment systems audit'. | 2 / 3 |
| Distinctiveness Conflict Risk | The PCI DSS / payment card niche is distinct with specific triggers, making overlap with unrelated skills unlikely. | 3 / 3 |

Total: 11 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 16 / 16 Passed

Validation for skill structure

No warnings or errors.

Repository: wshobson/agents (Reviewed)
