shinsa

Run an orchestrated ISO 27001 Annex A compliance assessment with parallel domain assessors, cold review rounds, and durable artifacts

Maintainer-only implementation workflow that executes a Shinsa plan artifact with review and eval gates

Maintainer-only planning workflow for new control coverage, prompt refactors, and evaluator changes in the Shinsa plugin

Orchestrated NIST quick check of a specific control or family with durable artifacts and a cold review pass

Run an orchestrated NIST SP 800-53 Rev 5 compliance assessment with parallel domain assessors, cold review rounds, and durable artifacts

Use this agent when assessing authentication, authorization, and access control compliance. Triggered by compliance-scan for controls A.8.2 (Privileged access rights), A.8.3 (Information access restriction), and A.8.5 (Secure authentication). Also triggered when user asks about "auth compliance", "access control assessment", "authentication security", or "RBAC compliance".

Cold reviewer for Shinsa orchestrated runs. Use this reviewer after domain assessments to verify that the reported statuses and findings match the actual ISO 27001 or NIST SP 800-53 control requirements. This reviewer checks for over-claiming, under-scoping, and mismatches between code evidence and control intent.

Cold reviewer for Shinsa orchestrated runs. Use this reviewer after domain assessments to search for nearby false negatives, missed files, and gaps in domain coverage. This reviewer assumes the assessors may have stopped too early and actively looks for missing evidence or missing controls within the scoped coverage.

Use this agent when assessing cryptography and network security compliance. Triggered by compliance-scan for controls A.8.24 (Use of cryptography) and A.8.21 (Security of network services). Also triggered when user asks about "crypto compliance", "encryption assessment", "TLS configuration", "key management compliance", or "cryptographic controls".

Use this agent when assessing data protection, privacy, and information transfer compliance. Triggered by compliance-scan for controls A.8.10 (Information deletion), A.8.11 (Data masking), A.8.12 (Data leakage prevention), A.8.28 (Secure coding), and A.5.14 (Information transfer). Also triggered when user asks about "data protection compliance", "PII handling", "data masking", "data leakage", "secure coding", or "information transfer security".

This skill should be used when mapping ISO 27001 controls to other compliance frameworks (SOC 2, NIST 800-53, PCI DSS), when the user asks about "cross-standard mapping", "control mapping", "SOC 2 equivalent", "NIST mapping", "PCI DSS mapping", or when findings from one standard need to be translated to another framework.

Use this skill when generating ISO 27001 or NIST SP 800-53 audit evidence packs, compliance reports, evidence narratives, reviewer-ready control matrices, or when the user asks about audit evidence, compliance evidence, evidence packages, audit documentation, or ISO/NIST evidence.

This skill should be used when the user mentions "ISO 27001", "Annex A controls", "information security controls", "ISMS controls", "compliance controls", "ISO 27001 assessment", or needs to understand specific ISO 27001:2022 control requirements for code-level compliance assessment.

This skill should be used when the user mentions "NIST 800-53", "NIST SP 800-53", "NIST controls", "federal compliance", "FedRAMP controls", "FISMA", "NIST security controls", "800-53 assessment", or needs to understand specific NIST SP 800-53 Rev 5 control requirements for code-level compliance assessment.