Third-party AI vendor risk assessment skill. Evaluates AI vendors and tools across five dimensions: security, privacy, AI-specific risks, contractual protections, and regulatory compliance. Outputs a vendor risk scorecard with a go/no-go recommendation. Two modes: quick triage (5-minute assessment) and deep due diligence. Use when evaluating AI tools for procurement, vendor due diligence, or third-party AI risk assessment.
Data governance and compliance guardrail. Triggers automatically on ANY interaction involving client data (fund names, portfolio company data, customer-identifiable information, valuation figures), personal data of real individuals (names, emails, employment records, compensation details), financial records (journal entries, statements, forecasts), legal documents (contracts, NDAs, agreements), or HR decisions (compensation, performance, hiring). Always invoke this skill before proceeding with tasks in these areas. Use it to assess compliance with configurable policies — no client data in prompts, GDPR/privacy data handling, and 4-eyes review enforcement — and determine whether to proceed, proceed with conditions, or block the request.
Configure Sentinel Stack for your organization. Walks through company name, industry, jurisdiction, compliance frameworks, AI risk appetite, and escalation contact. Re-runnable — shows current values so you only change what you need. Run this once after installing, then again whenever your governance settings change.
AI risk classification and governance skill. Classifies AI use cases by EU AI Act risk tier (Unacceptable/High/Limited/Minimal), enforces organizational AI acceptable use policies, determines transparency and human oversight requirements, tracks data lineage for AI-assisted outputs, and generates compliance artifacts for model governance. Use when evaluating AI use cases, building AI workflows, or assessing regulatory compliance.
Compliance audit log generator. Creates structured, immutable audit records (JSON-lines format) for guardrail decisions, DLP scans, 4-eyes review workflows, and AI-assisted outputs in regulated categories. Designed for SIEM and GRC platform ingestion with built-in retention governance per GDPR, SOC 2, and HIPAA. Use when you need audit logs, compliance trails, or interaction history.
Compliance artifact generator. Auto-generates audit evidence from guardrail detections, 4-eyes review gates, and DLP scans. Maps control evidence to SOC 2 Type II, ISO 27001, NIST CSF, and GDPR Article 30. Generates evidence packages on demand for auditors and tracks control effectiveness over time. Use for audit preparation, compliance evidence collection, or SOC 2/ISO 27001 artifact generation.
Living risk register manager. Auto-populates and maintains a risk register from guardrail detections (DLP, 4-eyes, behavioral anomalies). Scores risks on a 5x5 likelihood-impact matrix, tracks treatment plans (accept/mitigate/transfer/avoid), generates leadership risk reports, and assesses drift against organizational risk appetite. Use for risk assessments, risk matrix updates, or governance reporting.
Token-efficient communication mode. Compresses conversational prose (~65-75% output token savings) while keeping code, commands, and compliance artifacts untouched at full fidelity. Use when the user asks for "caveman mode", "brief mode", "less tokens", or when long sessions risk context pressure. Adapted from github.com/JuliusBrussee/caveman with sentinel-stack governance carve-outs.