From c-level-agents
/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
How this skill is triggered — by the user, by Claude, or both
Slash command
/c-level-agents:ciso-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Command:** `/cs:ciso-review <plan>`
Command: /cs:ciso-review <plan>
The risk-paranoid threat-modeler. Six questions before any production change that touches customer data or compliance scope.
What's the STRIDE threat model for this system, and which threat is most likely?
If this is fully compromised, what data is exposed and how many users are affected?
What signals indicate compromise, and how long until they're triggered (MTTD)?
Is there an IR runbook for this scenario, and has it been tabletop-tested?
What's the regulator notification window if this scenario occurs?
Which third-party vendors are in scope, and what's their security posture?
python ../../../skills/ciso-advisor/scripts/risk_quantifier.py
python ../../../skills/ciso-advisor/scripts/compliance_tracker.py
# CISO Review: <plan>
**Date:** YYYY-MM-DD
## Threat Model
- Top threat: <STRIDE category> — <description>
- Likelihood: H/M/L | Impact: H/M/L
- ALE: $X / year
## Blast Radius
- Data exposed (worst case): <description>
- Users affected: N
- Estimated cost: $X
## Detection
- MTTD target: X hours
- Current MTTD: X hours
- Detection rule: <name>
## Response
- IR runbook: ✅ / ❌
- Last tabletop: <date>
## Regulatory
- Frameworks in scope: SOC 2 / ISO 27001 / HIPAA / GDPR
- Notification window: X hours/days
## Vendors
- New vendors added: N
- DPAs signed: N / N
- Security reviews complete: N / N
## Verdict
🟢 SHIP | 🟡 MITIGATE THEN SHIP | 🔴 BLOCK
/cs:cto-review — architecture alignment/cs:gc-review — DPA, regulatory implications/cs:decide — log risk acceptance/cs:boardroom — for CRITICAL riskscs-ciso-advisorciso-advisor../../../../ra-qm-team/Version: 1.0.0
npx claudepluginhub bensitaud-hash/claude-skills --plugin c-level-agentsGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
18plugins reuse this skill
First indexed Jun 3, 2026
Showing the 6 earliest of 18 plugins