AI GRC Skills Library
The public Move78 GitHub repository gives implementation teams a modular, workflow-first library for AI governance, risk, compliance, assurance, supplier risk, agentic AI security, and regulatory operations.
What the library is
This is not a theory page and it is not a generic prompt collection. It is a public repository of practical AI GRC skills that can be used to structure implementation work, assessments, evidence gathering, control mapping, supplier review, and regulatory operations.
The repository is organised around repeatable work streams. Teams can use it to break down governance tasks into clearer steps, align those tasks to recognised frameworks, and keep implementation work closer to the operating reality described across the wider Move78 guides and tools library.
It is modular by design. You do not need every category on day one. A team can start with framework mapping, supplier controls, agentic security, or oversight workflows and build from there.
Who it is for
- Governance and compliance leads building repeatable AI control workflows.
- Security teams reviewing agentic AI, tool access, prompt-injection exposure, and containment controls.
- Procurement, risk, and supplier-oversight teams screening third-party AI tools and evidence packs.
- Product, operations, and assurance teams who need operational steps instead of abstract policy language.
Category overview
The library follows a fixed category model so teams can route work by implementation need instead of by document sprawl.
Framework operating models
Skills for turning governance standards into usable task flows, control questions, and implementation checkpoints.
- ISO 42001 Governance
- NIST AI RMF Governance
- NIST AI 600-1 GenAI Risk Management
- OECD AI Governance and Classification
- Financial Services AI Risk Management Framework
Jurisdiction-specific obligations
Skills for screening regulatory triggers, assigning evidence tasks, and separating framework guidance from legal obligations.
- EU AI Act Compliance
- Colorado AI Act Impact Assessment
- South Korea High-Impact AI Readiness
Agentic controls and security workflows
Skills for approval gates, containment, exposure checks, technical safeguards, and threat-informed security review.
- Agentic AI Governance
- Agentic AI Security
- MITRE ATLAS AI Security
- MITRE ATLAS to Controls Mapping
- OWASP Agentic AI Mapping to ISO 42001
Asset, vendor, and dependency visibility
Skills for shadow AI discovery, inventory hygiene, supplier review, and traceability across AI systems and dependencies.
- AI System Inventory Shadow AI Discovery
- AIBOM AI Bill of Materials
- Third-Party AI Supplier Risk
Testing, reporting, and governance review
Skills that support pre-deployment assurance, executive oversight, human control, and incident governance.
- TEVV AI Assurance Pre-Deployment Testing
- Human Oversight Meaningful Human Control
- AI Board Reporting Executive Oversight
- AI Incident Management Incident Disclosure
Risk libraries and taxonomy support
Skills that help teams convert large external repositories and research models into practical risk-management inputs.
- MIT AI Risk Repository
- MIT AI Governance Mapping
Disclosure and synthetic-content traceability
Skills for provenance, content disclosure, and operational handling of synthetic media and transparency obligations.
- Content Provenance Synthetic Media Transparency
Practical use cases
Implementation teams usually need the same thing: a faster way to move from framework language to concrete tasks, owners, and evidence.
Control mapping and operating design
Use the framework category to break ISO 42001, NIST AI RMF, and related governance models into repeatable workflows for real operating teams.
Regulatory screening and readiness
Use the regulations category to frame trigger checks, role questions, documentation expectations, and evidence requests before legal review.
Agentic AI control gates
Use agentic and security skills to review approval logic, prompt-injection risk, containment plans, tool access, and shutdown thresholds.
Supplier and inventory discipline
Use inventory and suppliers skills to improve system inventory quality, third-party screening, AIBOM collection, and shadow AI discovery work.
Assurance and oversight routines
Use assurance and oversight skills to prepare board reporting, human oversight checks, incident handling flows, and pre-deployment assurance tasks.
Risk and provenance support
Use the risk and landscape skills together with the transparency and provenance skills to build sharper risk registers, disclosure workflows, and synthetic-content controls.
Use the library with Move78
The public repository stands on its own, but it is more useful when paired with the Move78 pages that define commercial controls, implementation guidance, assessments, and operating tools.
Commercial toolkit pages
Use these pages when you need pricing, product context, or packaged controls rather than a public reference layer.
Navigation hubs
Use the main hub pages to move from reference material into broader tool, guide, and download paths.
Framework and regulatory support pages
Use these pages when you want fuller implementation guidance behind the framework and regulation categories.
Security, suppliers, and inventory pages
Use these pages when you need operational guidance around supplier review, inventory quality, and agentic AI security work.
How the library supports implementation teams
Implementation teams do not need more generic AI commentary. They need a cleaner way to route governance work, review controls, frame evidence requests, and connect public reference material back to operating decisions. The AI GRC Skills Library gives them a modular starting point. Move78 gives them the linked tools, guides, assessments, and packaged controls needed to carry that work into execution.