This skill walks through HIPAA, SOC 2, PCI-DSS, and GDPR technical requirements using actual browser tests. It scopes which frameworks apply to your app, then runs concrete checks like verifying PHI isn't in URLs, testing session timeouts, confirming credit card masking, and checking that audit logs actually capture access events. The output maps findings back to specific regulatory sections and generates YAML regression tests so you can catch compliance drift in CI. It won't cover the organizational stuff like policies or vendor management, but for the technical controls you can validate in a browser, it's methodical. Worth running before an audit or when adding regulated data handling.
npx skills add https://github.com/shiplightai/agent-skills --skill compliance-review