Compliance Evidence Collector

Updated May 13, 2026

What this skill does

Automates the collection and organization of compliance evidence for SOC2, ISO 27001, or HIPAA audits. Pulls evidence from AWS configurations, Google Drive policies, and Jira tickets, then organizes findings into a structured evidence package with control mappings and gap identification.

Example

PROMPT

Context: Preparing for SOC2 Type II audit Company: 200-person SaaS company, B2B product Environment: AWS (production, staging), Google Workspace, Jira/Confluence Timeline: Audit in 8 weeks, need evidence package by week 4 Controls in scope: CC6.1 (Logical access), CC6.6 (Change management), A1.2 (Risk assessment)

OUTPUT

Compliance Evidence Collection Summary — SOC2 Type II FRAMEWORK: SOC2 Trust Services Criteria SCOPE: CC6 (Logical and Physical Access), A1 (Risk Assessment) EVIDENCE SOURCES: AWS, Google Drive, Jira COLLECTION DATE: 2026-02-12 CONTROLS MAPPED | Control | Description | Evidence Gathered | Status | |-----------|--------------------------|------------------------|----------| | CC6.1 | Logical access controls | IAM policies, MFA config | Complete | | CC6.6 | Change management | Jira change tickets | Complete | | A1.2 | Risk assessment | Risk register, findings | Partial | EVIDENCE GATHERED (by source) AWS: IAM user list (12), MFA status (100% enabled), S3 bucket policies (8), CloudTrail config G Drive: Access control matrix, sharing settings audit, DLP policy exports Jira: 45 change tickets (last 90 days), approval workflows, release process docs GAPS IDENTIFIED 1. A1.2 — Risk register missing 2 quarterly reviews (Q3, Q4 2025) 2. CC6.1 — 3 contractors have console access; recommend bastion + SSO 3. CC6.6 — 12% of changes lacked formal approval ticket REMEDIATION TICKETS CREATED Jira: COMP-101, COMP-102, COMP-103 with due dates and assignees

Required Tools

AWS

Google Drive

Jira

Compatible Agents

Claude

Cursor

Windsurf

ChatGPT

GitHub Copilot

Any MCP-compatible agent

Add to your agent

Download Skill

Or install via CLI:
$ npx skills add webrix-ai/agent-skills --skill compliance-evidence-collector

Deploy Org-wide

Provision to teams via RBAC

Identity-aware execution

Signed & verified skills

Full audit trail

Auto-bundled with required MCP servers

Use with

Free for up to 5 users

Related Skills

Abandoned Cart Recovery

Detects abandoned carts and triggers recovery workflows including email sequences, discount offers, and retargeting campaigns. Analyzes cart abandonment patterns to identify friction points in the checkout flow. Tracks recovery rate and revenue recaptured.

A/B Testing

Helps design statistically rigorous A/B tests for marketing campaigns, landing pages, and product features. Calculates required sample sizes, defines success metrics, sets up test variants, and analyzes results with confidence intervals. Prevents common testing mistakes like peeking and underpowered tests.

AI Adoption Dashboard Builder

Creates a multi-tab analytics dashboard for tracking AI tool adoption across your engineering organization. Includes executive KPIs, team-level adoption curves, per-tool usage breakdowns, productivity impact comparisons, and cost tracking. Optionally generates a Grafana dashboard JSON for real-time monitoring.

AI Adoption Readiness Assessment

A structured assessment framework that scores your organization across five critical dimensions of AI readiness. Produces an actionable scorecard with prioritized recommendations, a detailed gap analysis spreadsheet, and optional Jira tickets to track remediation efforts.

Your agents are already in the wild.

Give them a Basecamp. Go from AI chaos to AI work, in minutes.

Get Started

See a Demo