@kajaril/compliance-audit-skill

A Claude Code skill that audits agent codebases for EU AI Act (Articles 12, 26) and GDPR compliance gaps. The Day 1 tool for kajaril sprint engagements.

Install

npx @kajaril/compliance-audit-skill

This copies SKILL.md into ~/.claude/skills/compliance-audit/ so the skill is available in all your Claude Code sessions.

Usage

Open Claude Code in the codebase you want to audit and run:

/compliance-audit

The skill will orient itself to the stack, audit 8 compliance dimensions, and produce COMPLIANCE_AUDIT.md with file-cited findings, severity ratings, effort estimates, and a sprint scope recommendation.

What it audits

| # | Dimension | Regulation | |---|-----------|-----------| | 1 | Logging coverage | AI Act Art. 12 | | 2 | Tamper-evidence | AI Act Art. 12 | | 3 | Lawful basis declarations | GDPR Art. 5–6 | | 4 | Subject linkage | AI Act Art. 12 | | 5 | Retention policy | GDPR Art. 5(1)(e) | | 6 | Human oversight hooks | AI Act Art. 26 | | 7 | Sovereignty signals | AI Act Art. 26 | | 8 | Data minimisation | GDPR Art. 5(1)(c) |

Output

COMPLIANCE_AUDIT.md in the audited project root, containing:

• Executive summary (DPO/CTO readable)
• Findings table with file:line citations
• Top-3 critical gaps
• Quick wins (< 2 hours each)
• Sprint scope recommendation
• "Looks logged but isn't" section

License

MIT — see LICENSE.