Eye Security

@eyesecurity
13 published skills, 0 installs

13 results

Eye Security
Collection

skills

Eye Security
Skill

audit-logging

ACTIVATE on ANY request that involves writing, generating, reviewing, modifying, or outputting source code in any programming language — Python, JavaScript, TypeScript, Go, Java, Rust, C#, SQL, Terraform, or any other. This includes functions, endpoints, scripts, migrations, infrastructure-as-code, config files with logic, and code snippets in responses. Every piece of code the LLM produces must include structured audit logging for security-relevant operations. Also activate when the user asks about audit logs, compliance logging, or traceability. Ensures NIS2 and ISO 27001 compliant logging (structured, no string interpolation, no secrets in logs).

change-management

ACTIVATE when making changes that affect critical assets: deployments, database migrations, schema changes, Terraform/IaC modifications, access control or IAM changes, firewall rules, TLS certificates, environment variables on production, or dependency upgrades. Ensures every change is documented, impact-assessed, approved, and reversible per NIS2 Art. 21(2)(e) and ISO 27001 A.8.32.

compliance-hub

ACTIVATE when the user asks about centralising compliance records, log collection, audit trail persistence, log retention, SIEM integration, or agent observability. Central collection point for all complisec output: audit logs, incident records, change records, and vendor assessments. Configures immutable cloud storage and optionally connects observability platforms.

complisec

EU compliance enforcement for AI agents — NIS2, GDPR, ISO 27001. ACTIVATE on EVERY prompt. Reads .compliance/profile.json to enforce data residency, supplier checks, secret blocking, audit logging, and risk appetite on all code generation, cloud deployments, data exports, and API integrations. Invoke /complisec setup to create the org profile.

data-sensitivity

ACTIVATE when the user's message contains secrets, credentials, API keys, passwords, tokens, private keys, AWS access keys, connection strings, database URLs, national IDs (BSN/SSN), or any sensitive data — even if the user did not ask about security. Also activate when asked to classify data, scan for PII, or review code for credential exposure. This skill BLOCKS secrets in prompts and enforces EU data protection rules (GDPR, NIS2, ISO 27001).

eu-compliance-directives

Curated index of official EU and national (member state) compliance sources, including directives, transposition laws, and regulatory guidance. ACTIVATE when answering questions about EU regulations or national implementations (NIS2, GDPR, DORA, AI Act, Cyberbeveiligingswet, etc.) — especially differences between EU directives and local laws, applicability, enforcement, timelines, or legal obligations. Also activate for conceptual or comparative questions ("what changed", "how does NL differ from the EU directive"). Always verify current legal status and ground answers in authoritative sources instead of relying on general knowledge.

incident-management

ACTIVATE when a security incident, data breach, outage, or suspicious event is reported, discussed, or detected. Guides structured incident documentation through the full lifecycle: detection → triage → response → notification → recovery → lessons learned. Ensures NIS2 24/72h/30d notification deadlines and GDPR 72h breach reporting are met. Also activate when the user asks about incident response procedures or breach notification obligations.

nis2-gap-analysis

ACTIVATE when the user asks about NIS2, Cyberbeveiligingswet (Cbw), NIS2 applicability, NIS2 gap analysis, or NIS2 compliance assessment. Interview-driven gap analysis with 5-level maturity scoring, field-tested by security consultants.

org-profile

ACTIVATE when the user wants to create or update their organisation's compliance profile, or invokes /org-profile setup. Runs a questionnaire to capture identity, critical assets, data residency, risk appetite, suppliers, and legal obligations — outputs a compact profile for enforcement.

risk-assessment-writer

ACTIVATE when the user asks to write, create, draft, or generate a risk assessment, risk entry, risk evaluation, or threat/vulnerability description — or when the user describes a threat, vulnerability, weakness, new business activity, or scenario they want risk-assessed. Covers information security, compliance, operational, vendor, HR, physical, and quality risks within the ISO 27001 framework. Produces a structured risk entry with Risk Evaluation + Risk Treatment tables, L/M/H scoring, and guided likelihood/impact questions.

security-compliance-tools

ACTIVATE when the user asks about compliance tooling, risk assessment methods, critical assets (crown jewels), or how to assess their organisation's security posture for EU regulations (NIS2, GDPR, ISO 27001). Curated index of tools and methodologies that support EU compliance — not generic AppSec tooling.

vendor-risk

ACTIVATE when integrating a new service, API, SaaS tool, SDK, npm/pip/maven package, Docker image, or any third-party dependency — or when discussing suppliers, vendors, processor agreements, or supply chain security. Also activate on imports from unknown packages or adding external webhooks/endpoints. Ensures every new vendor or dependency is assessed against the org's critical assets, data residency, and NIS2 Art. 21(2)(d) supply chain requirements.
