Cyber Compliance Report Drafter

Professional drafting and review of cyber security risk reports, mapping evidence to compliance frameworks.

Install
cmdop skills install agensi-cyber-compliance-report-drafter

Cyber Compliance Report Drafter is a skill that automates the drafting and review of professional cyber security compliance and risk assessment reports. It takes project artifacts, architecture diagrams, and control workbooks as inputs and produces audit-ready documentation in formal governance language.

The skill distinguishes between declared implementation and validated evidence, a distinction that matters for auditors and stakeholders reviewing risk acceptance decisions. It supports several workflows: generating a full end-to-end assessment from scratch, upgrading a Preliminary report (based on design intent) to a Final report once technical validation evidence is available, extracting a list of evidence gaps from existing artifacts, drafting individual sections such as Risk Registers, Data Classification Mappings, or Executive Summaries, and auditing existing draft reports for unsupported claims or structural weaknesses.

Every finding in the output is assigned one of five compliance statuses: Compliant, Partially Compliant, Non-Compliant, Not Applicable, or Needs Verification. Output is produced as British English Markdown tables and structured text, formatted for direct paste into Word or Excel.

This skill is not a substitute for live technical testing or automated vulnerability scanning. It works on documentation and artifacts that are supplied to it; it cannot independently connect to systems, run controls, or retrieve evidence from external sources.

Use cases

  • Draft a full cyber security risk assessment report from architecture diagrams and control workbooks
  • Upgrade a Preliminary compliance report to a Final report after technical validation evidence is collected
  • Scan existing project artifacts to produce a list of missing evidence items
  • Generate an Executive Summary section for a partially completed compliance report
  • Audit an existing draft compliance report for unsupported claims or missing control mappings
  • Produce a Risk Register or Data Classification Mapping as a standalone deliverable

When to use it

  • When preparing audit-ready compliance documentation from existing project artifacts
  • When a team needs to distinguish formally between self-assessed and technically validated controls
  • When upgrading a design-phase report to a post-implementation final report
  • When identifying evidence gaps before an external audit
  • When consistent formal governance language is required across multiple report sections

When not to use it

  • When live vulnerability scanning or penetration testing output is needed rather than documentation
  • When the required output language is not British English
  • When the task requires connecting to live systems to retrieve evidence autonomously
  • When the compliance framework requires a specific proprietary template that is not supplied as an artifact