Cyber Compliance Report Drafter is a skill that automates the drafting and review of professional cyber security compliance and risk assessment reports. It takes project artifacts, architecture diagrams, and control workbooks as inputs and produces audit-ready documentation in formal governance language.
The skill distinguishes between declared implementation and validated evidence, a distinction that matters for auditors and stakeholders reviewing risk acceptance decisions. It supports several workflows: generating a full end-to-end assessment from scratch, upgrading a Preliminary report (based on design intent) to a Final report once technical validation evidence is available, extracting a list of evidence gaps from existing artifacts, drafting individual sections such as Risk Registers, Data Classification Mappings, or Executive Summaries, and auditing existing draft reports for unsupported claims or structural weaknesses.
Every finding in the output is assigned one of five compliance statuses: Compliant, Partially Compliant, Non-Compliant, Not Applicable, or Needs Verification. Output is produced as British English Markdown tables and structured text, formatted for direct paste into Word or Excel.
This skill is not a substitute for live technical testing or automated vulnerability scanning. It works on documentation and artifacts that are supplied to it; it cannot independently connect to systems, run controls, or retrieve evidence from external sources.