ki-register-use-case-documenter

Low Risk · ⚙️ External commands · 🌐 Network access · 📁 Filesystem access · 🔑 Env variables

Document AI Use Cases for EU AI Act Compliance

Organizations deploying AI systems need structured governance records for EU AI Act compliance, but creating them from codebases and stakeholder knowledge is time-consuming. This skill inspects code or interviews users to produce validated, reviewable manifests ready for KI-Register submission.

Supports: Claude, Codex, Code (CC)
🥉 78 Bronze
  1. Download the skill ZIP
  2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
  3. Toggle on and start using

Test it

Using "ki-register-use-case-documenter". Document the AI use case in this project. Start by reading the README and main configuration.

Expected outcome:

  • Identified AI component: content-moderation service using an LLM classifier
  • Data categories: user-generated text, moderation labels
  • Human checkpoint: human reviewer for flagged content above confidence threshold
  • Draft manifest created at docs/agent-workflows/content-moderation/manifest.json
  • README generated with purpose, systems, risks, and controls
  • 3 fields marked as missing — requires follow-up interview

Using "ki-register-use-case-documenter". Validate and submit the manifest for the customer-support-chatbot use case.

Expected outcome:

  • Validation: passed (all required fields present, schema compliant)
  • Summary: AI-assisted chatbot for tier-1 support, 12 systems, 4 human checkpoints
  • Awaiting explicit confirmation before submission to KI-Register

Security Audit

Low Risk
v1 • 6/5/2026

All 45 static findings are false positives. The backtick patterns are Markdown inline code formatting, not shell execution. Hardcoded URLs point to the legitimate KI-Register service. Path traversal sequences are relative path documentation. API key references are environment variable names and example placeholders, not real secrets. The skill follows proper security practices: secrets via environment variables, explicit human confirmation before submission, and no hardcoded credentials.

  • Files scanned: 2
  • Lines analyzed: 120
  • Findings: 6
  • Total audits: 1

Low Risk Issues (2)
Markdown backticks flagged as shell execution
The static scanner flagged 26 instances of backtick characters as 'Ruby/shell backtick execution'. These are all Markdown inline code formatting (e.g., `studio-agent capture`, `docs/agent-workflows/<slug>/manifest.json`) used in documentation to reference CLI commands and file paths. No actual shell execution occurs from these patterns.
Relative path references in documentation
The scanner flagged path traversal sequences in line 109. These are relative path references in documentation (../../schemas/, ../../examples/) showing where schema and example files are located relative to the skill. No file system access is performed by these patterns.
Audited by: claude

Quality Score

  • Architecture: 55
  • Maintainability: 100
  • Content: 87
  • Community: 65
  • Security: 86
  • Spec Compliance: 91

What You Can Build

Compliance Officer Building Audit Records

A compliance officer needs to document all AI systems in use across the organization for an upcoming EU AI Act audit. The skill inspects each project repository, extracts evidence of AI usage, and produces standardized manifests ready for review.

Engineering Lead Documenting a New AI Feature

An engineering team has just shipped a feature that uses an LLM for content generation. Before launch, the lead uses the skill to interview the team, capture the workflow, data categories, and human oversight mechanisms, and submit the manifest to KI-Register.

Procurement Team Evaluating AI Vendors

A procurement specialist receives an AI vendor proposal and needs a structured use case record to evaluate against internal governance requirements. The skill captures the vendor's workflow details and produces a comparable manifest.

Try These Prompts

Quick Codebase Inspection
Use ki-register-use-case-documenter to inspect this project. Read the README, main entry points, and configuration files. Produce a draft manifest covering the AI use case, data categories, and human checkpoints. Mark anything unclear as missing.
Stakeholder Interview Mode
Use ki-register-use-case-documenter in interview mode. Ask me one question at a time to document this AI workflow. Start with the intended purpose, then cover data, decision influence, human oversight, risks, and controls.
Validate and Submit
Use ki-register-use-case-documenter to validate the manifest at docs/agent-workflows/<slug>/manifest.json. If it passes, show me the summary and wait for my explicit confirmation before submitting to KI-Register.
Batch Onboarding
Use ki-register-use-case-documenter to onboard all AI-related projects in the ./services directory. For each project, run capture, validate, and queue the manifests for my review before any submission.

Best Practices

  • Always validate the manifest locally before requesting submission approval
  • Never write API keys into generated manifest files, READMEs, or logs
  • Use codebase inspection first and interview mode only to fill in gaps
  • Mark uncertain risk classifications as 'needs review' rather than guessing

Avoid

  • Submitting a manifest without explicit human confirmation of the summary
  • Hardcoding KI_REGISTER_API_KEY in scripts or committing it to version control
  • Overclaiming risk classification without supporting evidence in the codebase
  • Creating duplicate workflow folders for the same operational use case

Frequently Asked Questions

What is KI-Register?
KI-Register is a governance platform for EU AI Act compliance. It stores structured AI use case records for audit preparation, procurement, and regulatory review.
Do I need a KI-Register account to use this skill?
You can generate and validate manifests without an account. An account and API key are only required for the final submission step.
How does the skill handle my API key?
The skill expects the API key in the KI_REGISTER_API_KEY environment variable. It explicitly avoids writing keys into manifests, READMEs, logs, or version control.
Can it classify my AI system's risk level under the EU AI Act?
No. The skill documents evidence and flags uncertain areas. Risk classification must be done by qualified human reviewers.
What capture mode should I use?
Use codebase inspection when the AI is visible in the repository. Use stakeholder interview when the process is organizational. Use low-friction capture when most context is already known.
Is the output legally binding?
No. The skill supports structured governance documentation and review. It is not a substitute for legal advice or a conformity assessment.

Developer Details

File structure

📁 agents/

📄 openai.yaml

📄 SKILL.md