ログイン
williamzujkowski

Compliance Automation Engine

by @williamzujkowski in Development
3
0
# Install this skill:
npx skills add williamzujkowski/cognitive-toolworks --skill "Compliance Automation Engine"

Install specific skill from multi-skill repository

# Description

Automate compliance checks for NIST, FedRAMP, FISMA, GDPR, HIPAA, and fintech regulations with OSCAL artifact generation and evidence validation.

# SKILL.md

name: Compliance Automation Engine
slug: compliance-automation-engine
description: Automate compliance checks for NIST, FedRAMP, FISMA, GDPR, HIPAA, and fintech regulations with OSCAL artifact generation and evidence validation.
deprecated: true
deprecation_notice: "This skill has been refactored into the compliance-orchestrator agent. Use /agents/compliance-orchestrator/AGENT.md for multi-step compliance workflows."
deprecated_date: "2025-10-26"
replacement: "compliance-orchestrator"
capabilities:
- Cross-framework control mapping (NIST CSF, 800-53, FedRAMP, FISMA, GDPR, HIPAA)
- OSCAL artifact generation (SSP, SAP, SAR, POA&M)
- Automated evidence collection and validation
- Gap analysis and remediation planning
- Continuous compliance monitoring
- ATO (Authority to Operate) preparation support
inputs:
- framework: compliance framework identifier (nist-csf, nist-800-53, fedramp, fisma, gdpr, hipaa, pci-dss)
- control_baseline: baseline level (low, moderate, high for NIST/FedRAMP)
- evidence_path: directory path containing compliance evidence artifacts
- system_context: JSON describing system boundaries, data flows, components
- validation_mode: quick, standard, comprehensive (maps to T1/T2/T3)
outputs:
- compliance_report: structured JSON with control status, gaps, evidence mapping
- oscal_artifacts: generated OSCAL documents (format depends on framework)
- remediation_plan: prioritized list of gaps with recommended actions
- dashboard_data: metrics for continuous compliance monitoring
keywords:
- compliance
- automation
- nist
- fedramp
- fisma
- oscal
- gdpr
- hipaa
- controls
- ato
- security
- governance
version: 1.0.0
owner: cognitive-toolworks
license: CC0-1.0
security: public; no secrets or PII; handles compliance metadata only
links:
- https://www.nist.gov/cyberframework
- https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- https://www.fedramp.gov/
- https://pages.nist.gov/OSCAL/
- https://gdpr.eu/
- https://www.hhs.gov/hipaa/
- https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
- https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx

Purpose & When-To-Use

⚠️ DEPRECATION NOTICE

This skill has been deprecated as of 2025-10-26 and refactored into the compliance-orchestrator agent (/agents/compliance-orchestrator/AGENT.md).

Reason for deprecation: This skill violated CLAUDE.md principles by implementing a 15-step procedure (T1: 2 steps, T2: 7 steps, T3: 8 steps) when skills should be ≤2 steps. Multi-step compliance workflows require proper orchestration and are better suited as agents.

Migration path: Use the compliance-orchestrator agent with the following command:

orchestrator use compliance-orchestrator \
  --framework [fedramp-moderate|nist-800-53|fisma|hipaa|gdpr] \
  --control-baseline [low|moderate|high] \
  --evidence-path /path/to/evidence \
  --system-context @system_context.json \
  --validation-mode [quick|standard|comprehensive]

See /agents/compliance-orchestrator/MIGRATION.md for detailed migration instructions.

Timeline:
- 2025-10-26: Deprecated (warning period begins)
- 2025-11-26: 30-day warning period ends
- 2025-12-26: Skill may be archived or removed

Original Purpose (for historical reference):

Trigger conditions:

  • Preparing for Authority to Operate (ATO) or certification under FedRAMP, FISMA, HIPAA, GDPR, or other frameworks
  • Conducting compliance audit or assessment requiring control mapping and evidence validation
  • Implementing continuous compliance monitoring for regulatory requirements
  • Generating OSCAL artifacts (SSP, SAP, SAR, POA&M) for submission or review
  • Performing gap analysis between current state and required control baseline
  • Responding to audit findings or compliance violations requiring remediation tracking
  • Migrating between compliance frameworks (e.g., NIST 800-53 to FedRAMP baseline)

Use this skill when:

  • System requires compliance certification under one or more federal/industry regulations
  • Organization needs automated control mapping across multiple frameworks
  • Manual compliance tracking has become error-prone or resource-intensive
  • Auditors or assessors require standardized OSCAL-formatted documentation
  • Continuous monitoring is required for ongoing ATO maintenance
  • Control inheritance from cloud providers (AWS, Azure, GCP) needs mapping

Do NOT use this skill for:

  • Legal interpretation of regulations (requires qualified counsel)
  • Privacy impact assessments requiring human judgment
  • First-time framework selection (use architecture decision framework instead)
  • Systems not subject to regulatory compliance requirements

Pre-Checks

Time normalization:

NOW_ET = <NIST time.gov semantics, America/New_York, ISO-8601>
Example: 2025-10-25T21:30:36-04:00

Input validation:

  • framework must be one of: nist-csf, nist-800-53, fedramp, fisma, gdpr, hipaa, pci-dss, sox, fintech-composite
  • control_baseline required for NIST/FedRAMP frameworks: low, moderate, high
  • FedRAMP Low: 125 controls (accessed 2025-10-25T21:30:36-04:00, source)
  • FedRAMP Moderate: 325 controls
  • FedRAMP High: 421 controls
  • evidence_path must exist and be readable; skip if empty (report as gap)
  • system_context must include at minimum: system_name, system_id, boundary_description, authorization_boundary
  • validation_mode defaults to standard (T2) if not specified

Framework version checks:

  • NIST SP 800-53 current version: Rev 5 (September 2020, accessed 2025-10-25T21:30:36-04:00, source)
  • OSCAL current version: 1.1.2 (accessed 2025-10-25T21:30:36-04:00, source)
  • FedRAMP baseline version: Rev 5 baseline (2022, accessed 2025-10-25T21:30:36-04:00)
  • GDPR: effective May 25, 2018; no version changes (accessed 2025-10-25T21:30:36-04:00)
  • HIPAA Security Rule: 45 CFR Parts 160, 162, 164 (accessed 2025-10-25T21:30:36-04:00, source)

Dependency checks:

  • If OSCAL generation requested: validate OSCAL schema availability
  • If FedRAMP: verify access to FedRAMP template repository
  • If evidence validation: check for supported evidence formats (PDF, JSON, YAML, logs)

Procedure

Tier 1: Quick Compliance Check (≤2k tokens)

Goal: Rapid assessment of control coverage and critical gaps for 80% use cases

Target scenarios:
* Quick readiness check before formal assessment
* Dashboard updates for continuous monitoring
* High-level gap identification

Steps:

  1. Load control baseline
  2. Fetch applicable controls for framework + control_baseline
  3. Example: FedRAMP Moderate = 325 controls from AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PS, RA, SA, SC, SI, SR families

  4. Source: NIST SP 800-53 Rev 5 catalog (accessed 2025-10-25T21:30:36-04:00)

  5. Scan evidence directory

  6. Count evidence files mapped to controls (via naming convention or manifest)

  7. Flag controls with zero evidence as critical gaps

  8. Calculate coverage metrics

  9. coverage_pct = (controls_with_evidence / total_controls) * 100
  10. critical_gaps = controls with family priority 1 and zero evidence

  11. status = "ready" if coverage_pct >= 95 else "gaps-identified"

  12. Generate quick report
    json { "framework": "fedramp-moderate", "total_controls": 325, "implemented": 310, "in_progress": 10, "not_started": 5, "coverage_pct": 95.4, "critical_gaps": ["AC-2(1)", "AU-6(1)", "IR-4"], "status": "gaps-identified", "next_action": "address critical gaps before full assessment" }

Token budget: ~1800 tokens (control list loading + basic logic)

Tier 2: Standard Compliance Assessment (≤6k tokens)

Goal: Detailed control-by-control validation with evidence mapping and OSCAL SSP generation

Target scenarios:
* Pre-audit readiness assessment
* OSCAL SSP document generation for submission
* Detailed gap analysis with remediation recommendations

Steps:

  1. Load and normalize controls
  2. Fetch full control catalog for framework
  3. Apply control baseline overlay (low/moderate/high)

  4. Cross-reference with framework-specific requirements (e.g., FedRAMP parameters)

  5. Evidence collection and mapping

  6. Scan evidence_path for artifacts
  7. Parse evidence manifests (JSON/YAML) linking evidence to controls
  8. Validate evidence freshness (warn if >90 days old)

  9. Map evidence types: policies, procedures, configurations, logs, screenshots, test results

  10. Control status assessment

  11. For each control:

    • Check evidence existence and quality
    • Validate against control implementation requirements
    • Determine status: implemented, partially-implemented, planned, not-applicable
    • Document inheritance (e.g., from AWS GovCloud, Azure Government)

  12. Gap analysis

  13. Identify controls lacking sufficient evidence

  14. Categorize gaps by severity:

    • Critical: High-impact controls (AC, IA, SC families) with zero evidence
    • High: Moderate-impact controls missing required evidence types
    • Medium: Minor evidence gaps or outdated artifacts
    • Low: Documentation formatting issues

  15. Generate OSCAL SSP (if requested)

  16. Construct OSCAL 1.1.2 compliant SSP JSON
  17. Include sections:
    • metadata: system info, responsible parties, publication timestamp (NOW_ET)
    • import-profile: reference to applied baseline (e.g., FedRAMP Moderate)
    • system-characteristics: boundary, data flows, components
    • system-implementation: components, users, inventory
    • control-implementation: per-control implementation statements and evidence references
    • back-matter: evidence artifacts as resources

  18. Validate against OSCAL SSP schema (accessed 2025-10-25T21:30:36-04:00, source)

  19. Remediation planning

  20. Generate prioritized remediation plan:
    ```
    Priority 1 (Critical - Required for ATO):

    • AC-2(1): Account Management | Automated Account Management
      Gap: No evidence of automated account provisioning/deprovisioning
      Recommendation: Implement SCIM with IdP; document in AC-2 policy
      Effort: 2-4 weeks | Owner: IAM team

    Priority 2 (High - Required for full compliance):
    - AU-6(1): Audit Review, Analysis, and Reporting | Automated Process Integration
    Gap: Logs collected but no automated analysis/alerting
    Recommendation: Deploy SIEM with correlation rules; reference in AU-6 procedure
    Effort: 4-6 weeks | Owner: SecOps team
    ```

  21. Output structured report

  22. Compliance report JSON (see Output Contract)
  23. OSCAL SSP artifact (if applicable)
  24. Remediation plan markdown
  25. Dashboard metrics for tracking

Token budget: ~5500 tokens (detailed control iteration + OSCAL generation)

Key decision points:
* If coverage < 70%: recommend deferring formal assessment
* If critical gaps in AC, IA, SC families: flag as ATO blockers
* If evidence > 180 days old: require refresh

Tier 3: Comprehensive Compliance Audit (≤12k tokens)

Goal: Deep-dive multi-framework analysis with cross-framework mapping, continuous monitoring design, and full OSCAL artifact suite generation

Target scenarios:
* Initial ATO package preparation requiring SSP, SAP, SAR, POA&M
* Multi-framework compliance (e.g., FedRAMP + HIPAA for healthcare SaaS)
* Continuous monitoring implementation
* Post-incident compliance impact assessment

Steps:

  1. Multi-framework control mapping
  2. Load controls for all applicable frameworks
  3. Build mapping table using NIST Cybersecurity Framework (CSF) as pivot
    • Example: NIST CSF PR.AC-1 maps to:
    • NIST 800-53 Rev 5: AC-2, AC-3, AC-5, AC-6
    • FedRAMP Moderate: AC-2, AC-3 (subset)
    • HIPAA: 164.308(a)(3), 164.308(a)(4)
    • GDPR: Article 32(1)(b) - access control
  4. Source: NIST CSF Framework Crosswalk (accessed 2025-10-25T21:30:36-04:00, source)

  5. Identify overlapping controls to avoid duplicate effort

  6. Deep evidence validation

  7. For each control implementation:

    • Validate evidence completeness against control requirements
    • Check evidence chain: policy → procedure → configuration → test result
    • Verify evidence authenticity (digital signatures, audit trails)
    • Assess evidence quality using criteria:
    • Specificity: does evidence directly address control requirement?
    • Timeliness: is evidence current (< 90 days for operational evidence)?
    • Consistency: do multiple evidence sources corroborate?
    • Scope: does evidence cover entire system boundary?

  8. Control inheritance analysis

  9. For cloud-hosted systems, analyze inherited controls:
    • AWS: 160+ inherited controls for FedRAMP High GovCloud (accessed 2025-10-25T21:30:36-04:00, source)
    • Azure Government: similar coverage for FedRAMP High (accessed 2025-10-25T21:30:36-04:00)
    • Document customer responsibility matrix (shared vs. inherited)

  10. Validate cloud provider compliance documentation is current

  11. Generate complete OSCAL artifact suite

SSP (System Security Plan):
* Full implementation details per control
* Responsible parties and roles
* System diagrams (reference from system_context)
* Authorization boundary definition

SAP (Security Assessment Plan):
* Assessment objectives per control
* Assessment methods: examine, interview, test
* Assessment team roles
* Assessment schedule
* NIST SP 800-53A assessment procedures (accessed 2025-10-25T21:30:36-04:00, source)

SAR (Security Assessment Report):
* Assessment findings per control
* Risk ratings (low/moderate/high)
* Identified deficiencies
* Recommended remediation actions

POA&M (Plan of Action & Milestones):
* Open findings from assessment
* Remediation plan with milestones
* Risk acceptance decisions
* Deviation requests (if applicable)
* Per FedRAMP POA&M template requirements (accessed 2025-10-25T21:30:36-04:00, source)

  1. Continuous monitoring design
  2. Identify controls requiring continuous monitoring (CM controls)
  3. Recommend monitoring frequency per control family:
    • Real-time: AC (access), AU (audit), SI (incident)
    • Daily: CM (configuration), IA (identification)
    • Weekly: RA (risk assessment), CA (assessment)
    • Monthly: PL (planning), SA (acquisition)

  4. Generate monitoring dashboard schema:
    json { "metrics": [ {"control": "AC-2", "metric": "failed_login_attempts", "threshold": 5, "period": "15min"}, {"control": "AU-6", "metric": "unreviewed_audit_records", "threshold": 1000, "period": "24h"}, {"control": "CM-3", "metric": "unapproved_config_changes", "threshold": 0, "period": "1h"} ], "alerting": { "critical": ["AC-*", "IA-*", "SC-*"], "high": ["AU-*", "CM-*", "IR-*"] } }

  5. Risk-based prioritization

  6. Apply NIST RMF Risk Assessment Framework (accessed 2025-10-25T21:30:36-04:00, source)
  7. Calculate risk scores per gap:
    • Likelihood (Low=1, Moderate=2, High=3)
    • Impact (Low=10, Moderate=50, High=100) per FIPS 199
    • Risk = Likelihood × Impact

  8. Prioritize remediation by risk score descending

  9. Compliance dashboard generation

  10. Output metrics suitable for executive dashboards:

    • Overall compliance score (%)
    • Controls by status (pie chart data)
    • Top 5 risk items
    • Remediation velocity (gaps closed per sprint/month)
    • Time-to-ATO estimate based on current velocity
    • Trend analysis (if historical data available)

  11. Cross-framework compliance report

  12. Unified view showing compliance across multiple frameworks
  13. Identify efficiency opportunities (one control satisfying multiple requirements)
  14. Highlight framework-specific gaps requiring additional evidence

Token budget: ~11500 tokens (multi-framework mapping + full OSCAL suite + monitoring design)

Key decision points:
* If POA&M items > 50: recommend phased remediation approach
* If high-risk gaps in authorization boundary: recommend boundary re-scoping
* If continuous monitoring not feasible: document risk acceptance rationale
* If multi-framework conflicts detected: escalate for policy decision

Decision Rules

Ambiguity resolution:

  • Framework version conflicts: Default to latest published version; warn if document specifies older version
  • Missing control parameters: Use baseline defaults per NIST 800-53B (accessed 2025-10-25T21:30:36-04:00, source); flag for manual review
  • Evidence interpretation: If evidence format unclear, attempt automated parse; fall back to manual review flag
  • Control status uncertainty: Default to partially-implemented with justification; require manual adjudication

Abort conditions:

  • framework not recognized → emit error and list valid frameworks
  • system_context missing required fields → emit TODO list of missing fields
  • Evidence path inaccessible → warn and proceed with gap analysis
  • OSCAL schema validation fails → report errors and halt artifact generation
  • Control baseline exceeds token budget → recommend splitting into multiple assessments

Tier escalation triggers:

  • T1→T2: User requests OSCAL generation or detailed gap analysis
  • T2→T3: Multiple frameworks specified, or continuous monitoring design requested, or full artifact suite needed

Quality thresholds:

  • Evidence age warning: > 90 days
  • Evidence age error: > 365 days
  • Coverage warning: < 80%
  • Coverage error: < 70%
  • Critical gap threshold: any control in AC-1, AC-2, IA-2, IA-5, SC-7, SC-8 families

Output Contract

compliance_report (JSON):

{
  "metadata": {
    "timestamp": "2025-10-25T21:30:36-04:00",
    "framework": "fedramp-moderate",
    "system_id": "SYS-001",
    "system_name": "Example SaaS Platform",
    "assessment_tier": "T3"
  },
  "summary": {
    "total_controls": 325,
    "implemented": 310,
    "partially_implemented": 10,
    "planned": 3,
    "not_applicable": 2,
    "coverage_pct": 95.4,
    "status": "ready-with-findings",
    "estimated_ato_date": "2025-12-15"
  },
  "gaps": [
    {
      "control_id": "AC-2(1)",
      "title": "Account Management | Automated Account Management",
      "severity": "critical",
      "gap_description": "No evidence of automated account provisioning",
      "risk_score": 300,
      "remediation": {
        "recommendation": "Implement SCIM with IdP",
        "effort_weeks": 4,
        "owner": "IAM Team",
        "target_date": "2025-11-22"
      }
    }
  ],
  "metrics": {
    "controls_by_family": {"AC": 25, "AU": 18, "...": "..."},
    "evidence_count": 847,
    "evidence_types": {"policy": 45, "procedure": 68, "config": 312, "test": 422}
  }
}

oscal_artifacts (object):

{
  "ssp": "<OSCAL 1.1.2 compliant SSP JSON>",
  "sap": "<OSCAL SAP JSON if T3>",
  "sar": "<OSCAL SAR JSON if T3>",
  "poam": "<OSCAL POA&M JSON if gaps exist>"
}

remediation_plan (markdown):

Prioritized list with:
* Priority level (1=Critical, 2=High, 3=Medium, 4=Low)
* Control ID and title
* Gap description
* Recommended action
* Effort estimate
* Responsible party
* Target completion date

dashboard_data (JSON):

Time-series compatible metrics for visualization:
* Compliance score over time
* Gap count by severity
* Remediation velocity
* Control family coverage heatmap

Required fields (all tiers):
* metadata.timestamp (NOW_ET)
* summary.total_controls
* summary.coverage_pct
* summary.status

Optional fields (T2+):
* oscal_artifacts.ssp
* remediation_plan

Optional fields (T3 only):
* oscal_artifacts.sap, .sar, .poam
* dashboard_data
* multi_framework_mapping

Examples

Example 1: T2 FedRAMP Moderate Assessment

# Input
framework: fedramp-moderate
control_baseline: moderate
evidence_path: /compliance/evidence/fedramp-mod
system_context:
  system_name: "Cloud SaaS Platform"
  system_id: "CSP-001"
  boundary_description: "AWS GovCloud VPC with web/app/db tiers"
  authorization_boundary: "All components in VPC vpc-abc123"
validation_mode: standard

# Processing (excerpt)
# Loaded 325 controls from FedRAMP Moderate baseline
# Scanned 847 evidence files
# Identified 10 gaps (3 critical, 5 high, 2 medium)
# Generated OSCAL SSP (245KB JSON)

# Output (summary)
coverage: 96.9%
status: ready-with-findings
critical_gaps: ["AC-2(1)", "AU-6(1)", "IR-4(1)"]
oscal_ssp_generated: true
remediation_priority: "Address 3 critical gaps in 4-6 weeks"

Quality Gates

Token budgets (enforced):
* T1 ≤ 2000 tokens — quick coverage check, control list loading only
* T2 ≤ 6000 tokens — detailed assessment with OSCAL SSP generation
* T3 ≤ 12000 tokens — multi-framework analysis with full artifact suite

Safety checks:
* No credentials or API keys in evidence files (pattern scan)
* No PII in generated artifacts (GDPR/HIPAA compliance)
* All external links use HTTPS
* Evidence file sizes reasonable (< 50MB per file; warn if larger)

Auditability:
* All control assessments include justification and evidence references
* OSCAL artifacts include metadata/publication timestamp (NOW_ET)
* Remediation plans include responsible parties and target dates
* Audit trail in compliance_report.metadata

Determinism:
* Same inputs + evidence → same compliance_report (idempotent)
* Control status deterministic based on evidence availability and quality
* Gap prioritization algorithmic (risk score calculation)

Validation requirements:
* OSCAL artifacts validate against official schemas (1.1.2)
* Control IDs match official NIST SP 800-53 Rev 5 catalog
* FedRAMP templates match current published versions
* Framework crosswalks use authoritative NIST sources

Resources

NIST Publications:
* NIST Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework (accessed 2025-10-25T21:30:36-04:00)
* NIST SP 800-53 Rev 5 (Security and Privacy Controls): https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final (accessed 2025-10-25T21:30:36-04:00)
* NIST SP 800-53A Rev 5 (Assessment Procedures): https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final (accessed 2025-10-25T21:30:36-04:00)
* NIST SP 800-53B (Control Baselines): https://csrc.nist.gov/publications/detail/sp/800-53b/final (accessed 2025-10-25T21:30:36-04:00)
* NIST SP 800-37 Rev 2 (Risk Management Framework): https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final (accessed 2025-10-25T21:30:36-04:00)

OSCAL Resources:
* OSCAL Project Homepage: https://pages.nist.gov/OSCAL/ (accessed 2025-10-25T21:30:36-04:00)
* OSCAL Schema Repository: https://github.com/usnistgov/OSCAL (accessed 2025-10-25T21:30:36-04:00)
* OSCAL Content Repository (controls, catalogs, profiles): https://github.com/usnistgov/oscal-content (accessed 2025-10-25T21:30:36-04:00)

FedRAMP Resources:
* FedRAMP Homepage: https://www.fedramp.gov/ (accessed 2025-10-25T21:30:36-04:00)
* FedRAMP Security Controls Baseline: https://www.fedramp.gov/assets/resources/documents/FedRAMP_Security_Controls_Baseline.xlsx (accessed 2025-10-25T21:30:36-04:00)
* FedRAMP Templates: https://www.fedramp.gov/assets/resources/templates/ (accessed 2025-10-25T21:30:36-04:00)

Regulatory Resources:
* GDPR Official Text: https://gdpr.eu/ (accessed 2025-10-25T21:30:36-04:00)
* HIPAA Security Rule: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html (accessed 2025-10-25T21:30:36-04:00)
* FISMA Implementation: https://csrc.nist.gov/projects/risk-management/fisma-background (accessed 2025-10-25T21:30:36-04:00)

Cloud Provider Compliance:
* AWS GovCloud FedRAMP: https://aws.amazon.com/compliance/services-in-scope/FedRAMP/ (accessed 2025-10-25T21:30:36-04:00)
* Azure Government Compliance: https://docs.microsoft.com/azure/azure-government/compliance/azure-services-in-fedramp-auditscope (accessed 2025-10-25T21:30:36-04:00)

Tools and Validation:
* OSCAL CLI Tools: https://github.com/usnistgov/oscal-cli (accessed 2025-10-25T21:30:36-04:00)
* NIST CSF Framework Crosswalks: https://www.nist.gov/cyberframework/framework-crosswalks (accessed 2025-10-25T21:30:36-04:00)

# Related Skills

facebook
feature-flags @facebook

Use when feature flag tests fail, flags need updating, understanding @gate pragmas, debugging...

★ 242,571
facebook
fix @facebook

Use when you have lint errors, formatting issues, or before committing code to ensure it passes CI.

★ 242,571
facebook
flags @facebook

Use when you need to check feature flag states, compare channels, or debug why a feature behaves...

★ 242,571

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

Amp 🚀 Antigravity 🤖 Claude Code 🦀 Clawdbot 📝 Codex ▶️ Cursor 🤖 Droid 💎 Gemini CLI 🐙 GitHub Copilot 🪿 Goose 📊 Kilo Code 🔧 Kiro CLI 💻 OpenCode 🦘 Roo Code 🌲 Trae 🏄 Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.