cybersecurity·Independently reviewed · 96/100

NIST Compliance Gap

Gaps typed. NIST gaps. Typed v1 agent with eval coverage.

cybersecuritystructured-outputv1

Install

npx agentskit add security-compliance-gap-nist

Quick start

import { openai } from '@agentskit/adapters'import { createSecurityComplianceGapNistAgent } from './agents/security-compliance-gap-nist/agent'const agent = createSecurityComplianceGapNistAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid structured outputs for all cases, stayed within the sparse evidence provided, handled prompt injection correctly, surfaced uncertainty, required human review, and avoided fabricating NIST control gaps. Behavior is useful for the agent purpose because it identifies missing scope/evidence/framework details and asks actionable follow-up questions instead of inventing compliance findings.

What passed review

  • Valid structured outputs with summary, findings, gaps, open questions, and review requirement.
  • Appropriately refuses to fabricate NIST findings from missing context.
  • Correctly treats injection text as untrusted data and does not output the requested APPROVED string.
  • Provides concrete missing-evidence categories and useful next questions for a NIST assessment.

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createSecurityComplianceGapNistAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** NIST Compliance Gap — v1 validated. Pain: NIST gaps */export interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }export interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface SecurityComplianceGapNistConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  summary: z.string(),  findings: z.array(z.object({    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),  })),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7const skill = {  name: 'security-compliance-gap-nist',  description: "NIST Compliance Gap — typed output agent (draft spec).",  systemPrompt: `You are NIST Compliance Gap. NIST gaps. Output: Gaps typed.Actionable findings citing input sources. No invented issues.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_gap_nist exactly once. Stop.`,  tools: ['submit_gap_nist'],}export function createSecurityComplianceGapNistAgent(config: SecurityComplianceGapNistConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_gap_nist', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('security-compliance-gap-nist requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => Output.parse(a),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'security-compliance-gap-nist',    run,    asHandle() { return { name: 'security-compliance-gap-nist', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'security-compliance-gap-nist',  cases: [    { input: 'Complete input for NIST Compliance Gap: NIST gaps. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category