Legal Security Compliance Auditor is an agent skill that runs a structured, static audit of a codebase for privacy and security compliance, then writes a prioritized COMPLIANCE_AUDIT.md report. It covers four main audit domains: GDPR and UK GDPR (23 checks including lawful basis, consent, all data-subject rights under Art. 15–22, breach notification, and international transfers), CCPA/CPRA (17 checks including notice at collection, sale/share opt-out, Global Privacy Control, and SLA for data requests), data security (20 checks covering password hashing, encryption at rest and in transit, secrets in source code, PII in logs, JWT and session security, SQL injection, CORS, and security headers), and LLM/AI compliance (16 checks for AI labeling, inaccuracy warnings, EU AI Act Art. 50, prompt injection, and automated decisions). An additional 24 conditional checks for LGPD, PIPL, and DPDPA load automatically when the skill detects the codebase targets Brazil, China, or India. Market detection works by inspecting i18n files, currency references, domains, language settings, and framework signals. The skill maps the PII surface across database models, API endpoints, forms, logs, third-party integrations, cookies, and auth flows before running applicable checklists. Every finding in the output report includes the exact file and line number, the specific regulatory article cited, a description of what is wrong, why it matters, and a concrete remediation step. It recognizes common ORMs and frameworks including Prisma, Drizzle, SQLAlchemy, Django ORM, Next.js, FastAPI, Express, NestJS, and Rails. The report ends with a disclaimer that the output is an engineering audit, not legal advice.
Legal Security Compliance Auditor
Adaptive GDPR, CCPA, security, and AI compliance audit with severity-graded findings and law citations
Install
cmdop skills install agensi-legal-security-compliance-auditor
Use cases
- Audit a codebase before a production launch in the EU or UK for GDPR compliance gaps
- Identify CCPA/CPRA deficiencies including missing opt-out flows or Global Privacy Control support
- Find data security issues such as secrets committed to source code, weak password hashing, or missing security headers
- Check AI feature implementations for EU AI Act Art. 50 disclosure requirements and prompt injection risks
- Prepare a COMPLIANCE_AUDIT.md report for use in a SOC 2 or ISO 27001 review process
- Detect whether an app targets Brazil, China, or India and run the corresponding LGPD, PIPL, or DPDPA checks
When to use it
- The codebase handles personal data and needs a pre-launch privacy or security review
- The team is preparing documentation for a DPIA, SOC 2, or ISO 27001 audit
- The app includes LLM or AI features that require disclosure and compliance checks
- The codebase may target multiple jurisdictions and needs adaptive scope across GDPR, CCPA, LGPD, PIPL, or DPDPA
When not to use it
- Legal certainty is required — this skill produces an engineering audit, not legal advice or a compliance certification
- Automated code fixes are needed — the skill identifies issues but does not write or apply any code changes
- Privacy Policy or Terms of Service documents need to be generated — the skill does not produce legal text
- Runtime or dynamic analysis is needed — the skill performs static review only
- A formal DPIA or binding compliance determination is required by a regulator — qualified legal counsel is needed