GRC Skills Kit for Claude Code

Introducing the GRC Skills Kit for Claude Code

Talia Baxter

Head of Brand

“Built by practitioners, for the agents running compliance.”

New York, NY, May 4, 2026

Compliance doesn’t need to be rebuilt from scratch every time someone spins up an AI agent to help with SOC 2 readiness or ISO 27001 gap analysis. Yet that’s exactly what most teams end up doing – writing their own prompts, their own logic, their own edge case handling. Over and over again.

Today, Scytale is open-sourcing the GRC Skills Kit for Claude Code – a public GitHub repository of production-ready skills for AI compliance agents, covering the frameworks your team already lives inside.

Think of it as the npm for GRC. Instead of building agent skills from scratch, you pull what you need, use it, and contribute back. Pre-built. Framework-aligned. Vendor-neutral.

Why this exists

We’ve spent years deep in compliance workflows: running assessments, building controls, helping security teams get audit-ready across dozens of frameworks. That knowledge is hard-won. And it kept getting rebuilt: in spreadsheets, in runbooks, in custom scripts, and lately, in ad-hoc AI prompts.

When agentic AI tools started maturing, we saw the obvious next step: encode that practitioner knowledge into reusable agent skills. Not locked inside a product. Not proprietary. 

That’s the GRC Skills Kit. Scytale is its creator and curator, not its owner. That distinction matters. Open-source communities work because contributions are genuinely open, and the best ideas win regardless of where they come from.

What’s in the kit

The library ships with 10 complete skills today, built as Claude Code skills for GRC and compliance workflows. Each skill maps directly to a real compliance task an agent would need to perform.

Frameworks covered at launch:

  • SOC 2
  • ISO 27001
  • ISO 42001
  • GDPR
  • HIPAA
  • PCI DSS
  • SOX ITGC
  • NIST CSF
  • FedRAMP
  • TSA Cybersecurity

What makes a skill useful

A good agent skill isn’t just a prompt. It’s a structured, repeatable capability – something an agent can call, complete, and hand off cleanly. Each skill in the kit is built around that principle:

  • Ready to use: Drop into your agent workflow with a clean install flow and no manual wiring required.
  • Framework-aligned: Each skill maps to actual control language and audit requirements – not generic AI boilerplate.
  • Vendor-neutral: Not tied to Scytale’s platform. Works in any agentic setup that supports Claude Code skills.
  • Community-first: MIT licensed. Built to be forked, extended, improved, and contributed back.

Who it’s for

We built this for the people who are already doing this work, or about to be:

  • CTOs and security engineers who want to automate compliance workflows without starting from a blank prompt every time.
  • GRC teams adopting AI tooling who need a reliable, auditable foundation rather than hallucinated control mappings.

If you’ve ever written a custom prompt to help an AI agent understand what a SOC 2 Type II audit actually requires – this library is for you.

Why did we open-source it?

  1. Because safe, responsible AI in compliance shouldn’t be gatekept behind a paywall.
  2. Because every GRC team, auditor, and builder deserves a head start – not another closed black box.
  3. Because we’re done watching “AI compliance” vendors hype tools that hallucinate controls and cite frameworks they’ve never read.
  4. Because if we’re serious about agentic compliance as a category, the foundation has to be open.
  5. Because we’re confident. What we’re giving away is powerful. What we’ve built inside Scytale is on another level entirely.

How to get started

The full repository is available on GitHub. It includes a professional README, a clean project structure, CI configuration, full documentation, and all 10 skills ready to use. Getting set up takes minutes.

You can find the GRC Skills Kit for Claude Code here.

What’s next

Ten frameworks today. This is just the starting line, and if the kit has already saved you hours, what’s coming next will change how you think about compliance entirely. Scytale is using this same foundation to launch a new generation of GRC agents: ones that don’t just assist your GRC program, they run it. Contribute to the library, star the repo, and stay close, as the next chapter of agentic compliance starts here.

Compliance is a team sport. So is building the infrastructure that makes compliance agents actually work. The GRC Skills Kit exists because this knowledge shouldn’t live in siloed prompts and internal runbooks – it should be shared, versioned, and improved in the open.

Star the repo. Use the skills. Build something. And if you improve it, send it back.

Talia Baxter

With over four years of experience in B2B SaaS marketing, Talia Baxter is the Head of Brand at Scytale and has played a key role in shaping the company’s brand and messaging around major security and data privacy frameworks like SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, and more. Talia leads brand, content, SEO, and product marketing...
