Review code against compliance standards (PCI DSS, GDPR, WCAG, HIPAA, SOX, SOC 2)
Scans code for compliance violations across standards like PCI DSS, GDPR, WCAG, HIPAA, SOX, and SOC 2.
/plugin marketplace add peixotorms/odinlayer-skills
/plugin install compliance-skills@odinlayer-skills

Review the code at $ARGUMENTS against applicable compliance standards.
Read the target — if a directory, scan all relevant source files (PHP, Python, JavaScript, TypeScript, HTML, CSS, SQL, config files). If a single file, read it fully.
Detect which standards apply by looking at the code:
For each applicable standard, review against the corresponding skill:
- pci-compliance — check data classification, tokenization, encryption, access control, audit logging, scope
- gdpr-compliance — check consent management, data subject rights, privacy by design, retention, breach handling
- accessibility-compliance — check semantic HTML, ARIA usage, keyboard navigation, color contrast, forms, media
- hipaa-compliance — check PHI handling, de-identification, audit controls, transmission security, BAA requirements
- sox-compliance — check audit trails, segregation of duties, change management, data integrity, access controls
- soc2-compliance — check access controls, encryption, logging, change management, incident response, vendor management

Report findings grouped by standard:
## PCI DSS Findings
### Critical
- [file:line] Description of violation and fix
### Warnings
- [file:line] Description and recommendation
## GDPR Findings
### Critical
- [file:line] Description of violation and fix
### Warnings
- [file:line] Description and recommendation
## WCAG Findings
### Critical
- [file:line] Description of violation and fix
### Warnings
- [file:line] Description and recommendation
Skip standards that don't apply — don't force-fit. If there's no payment code, skip PCI. If there's no UI, skip WCAG.
End with a summary — overall compliance posture and top 3 priority fixes.
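A minimal sketch of the review loop described above (detect which standards apply, run only those checks, emit the grouped report layout, skip standards that do not apply). This is an added example, not the plugin's own code; the regex heuristics, the two sample files and the check messages are assumptions constructed for illustration.

```python
import re
# Constructed sample inputs (not from the original page): path -> source text.
SAMPLE_FILES = {
    "checkout.php": '<?php\n$pan = $_POST["card_number"];\nerror_log("charge " . $pan);\n',
    "index.html": '<html><body>\n<img src="logo.png">\n<input type="text" name="q">\n</body></html>\n',
}
# Applicability heuristics (assumption): payment identifiers imply PCI DSS, markup implies WCAG.
PAYMENT_RE = re.compile(r"card_number|\bpan\b|\bcvv\b", re.I)
LOG_RE = re.compile(r"\b(error_log|console\.log|print|logger\.\w+)\s*\(", re.I)

def applicable_standards(files):
    # No payment code -> no PCI run; no UI markup -> no WCAG run.
    has_payment = any(PAYMENT_RE.search(src) for src in files.values())
    has_markup = any(path.endswith((".html", ".htm")) for path in files)
    return {s for s, on in (("PCI DSS", has_payment), ("WCAG", has_markup)) if on}

def check_pci(path, src):
    # Cardholder data written to a log in the clear is a classic PCI DSS logging failure.
    for no, line in enumerate(src.splitlines(), 1):
        if LOG_RE.search(line) and PAYMENT_RE.search(line):
            yield "Critical", f"[{path}:{no}] card data reaches a log call; mask or tokenize it first"

def check_wcag(path, src):
    # Two WCAG basics: images need alt text, form controls need an accessible name.
    for no, line in enumerate(src.splitlines(), 1):
        if re.search(r"<img\b", line, re.I) and not re.search(r"\balt\s*=", line, re.I):
            yield "Critical", f'[{path}:{no}] <img> without alt; add alt text (alt="" if decorative)'
        if re.search(r"<input\b", line, re.I) and not re.search(r"aria-label|<label", line, re.I):
            yield "Warnings", f"[{path}:{no}] <input> has no accessible name; add a <label> or aria-label"

CHECKS = {"PCI DSS": check_pci, "WCAG": check_wcag}

def review(files):
    # Run only the checks for applicable standards; group by standard, then severity.
    findings = {}
    for std in sorted(applicable_standards(files)):
        findings[std] = {"Critical": [], "Warnings": []}
        for path, src in files.items():
            for sev, text in CHECKS[std](path, src):
                findings[std][sev].append(text)
    return findings

def render(findings):
    # Same layout as the report template above: standard -> severity -> "- [file:line] ..." bullets.
    lines = []
    for std, grouped in findings.items():
        lines.append(f"## {std} Findings")
        for sev in ("Critical", "Warnings"):
            lines += [f"### {sev}"] + [f"- {t}" for t in grouped[sev]]
    return "\n".join(lines)
```

Calling `render(review(SAMPLE_FILES))` yields PCI DSS and WCAG sections only; a code base with neither payment code nor markup produces an empty report.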