fix
Fix or guide remediation for a specific security finding from the latest scan report
| Field | Value |
|---|---|
| name | fix |
| description | Fix or guide remediation for a specific security finding from the latest scan report |
| argument-hint | `<finding-id\|CWE/file:line> [--dry-run]` |
| disable-model-invocation | true |
| allowed-tools | `["Read","Edit","Grep","Glob","Bash","AskUserQuestion","Skill"]` |
Remediate one finding from .security/triaged.json or .security/report.md.
Read .security/triaged.json. If it does not exist, tell the user to run /security:scan first.
Resolve $ARGUMENTS as:
- finding-003
- CWE-89 src/db.py:42
- TRUE_POSITIVE findings.
If the finding verdict is FALSE_POSITIVE, stop and suggest suppressing it with /security:scan --suppress <id>.
Route by CWE/category:
| CWE/category | Skill |
|---|---|
| CWE-78, CWE-79, CWE-89, injection, XSS | remediation-injection |
| CWE-798, CWE-287, CWE-502, auth, authorization, deserialization | remediation-auth |
| CWE-327, CWE-330, TLS, crypto, randomness | remediation-crypto |
| CWE-22, CWE-489, headers, deployment, config | remediation-config |
| Other | remediation-library |
Use the selected remediation skill for the fix pattern.
Read the affected file around the finding and only nearby helper code needed to make a safe edit. Do not broaden into unrelated security work.
If --dry-run is present, report the proposed change without editing.
Otherwise:
Report:
/security:scan --diff.
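
The resolution, verdict gate and routing steps above, as an added example that is not part of the skill or the plugin's own code. The finding fields (`id`, `cwe`, `category`, `file`, `line`, `verdict`), the function names and the "ask" outcome for zero or several matches are assumptions made for illustration; the page does not document the layout of `.security/triaged.json`.

```python
import re

# Routing table from the page: CWE ids / category keywords -> remediation skill.
ROUTES = [
    ({"CWE-78", "CWE-79", "CWE-89", "injection", "xss"}, "remediation-injection"),
    ({"CWE-798", "CWE-287", "CWE-502", "auth", "authorization", "deserialization"},
     "remediation-auth"),
    ({"CWE-327", "CWE-330", "tls", "crypto", "randomness"}, "remediation-crypto"),
    ({"CWE-22", "CWE-489", "headers", "deployment", "config"}, "remediation-config"),
]

# Constructed sample findings; the field names are assumed, not a documented schema.
SAMPLE = [
    {"id": "finding-001", "cwe": "CWE-327", "category": "crypto",
     "file": "src/tls.py", "line": 10, "verdict": "TRUE_POSITIVE"},
    {"id": "finding-003", "cwe": "CWE-89", "category": "injection",
     "file": "src/db.py", "line": 42, "verdict": "TRUE_POSITIVE"},
    {"id": "finding-004", "cwe": "CWE-89", "category": "injection",
     "file": "src/report.py", "line": 7, "verdict": "FALSE_POSITIVE"},
    {"id": "finding-005", "cwe": "CWE-400", "category": "dos",
     "file": "src/api.py", "line": 3, "verdict": "TRUE_POSITIVE"},
]

def route(finding):
    """Return the remediation skill for a finding; unmatched goes to remediation-library."""
    keys = {finding.get("cwe", "").upper(), finding.get("category", "").lower()}
    return next((skill for names, skill in ROUTES if keys & names), "remediation-library")

def resolve(argument, findings):
    """Match a CWE id, a file:line location, or a finding id against the findings."""
    arg = argument.strip()
    if re.fullmatch(r"CWE-\d+", arg, re.IGNORECASE):
        return [f for f in findings if f.get("cwe", "").upper() == arg.upper()]
    loc = re.fullmatch(r"(.+):(\d+)", arg)
    if loc:
        return [f for f in findings
                if f.get("file") == loc.group(1) and f.get("line") == int(loc.group(2))]
    return [f for f in findings if f.get("id") == arg]

def plan(argument, findings, dry_run=False):
    """Decide the next action without touching any file."""
    matches = resolve(argument, findings)
    if len(matches) != 1:  # assumption: zero or several matches means asking the user
        return {"action": "ask", "candidates": [f["id"] for f in matches]}
    finding = matches[0]
    if finding["verdict"] == "FALSE_POSITIVE":
        return {"action": "suppress", "hint": f"/security:scan --suppress {finding['id']}"}
    return {"action": "propose" if dry_run else "edit",
            "finding": finding["id"], "skill": route(finding)}
```

A bare CWE argument can match several findings, which is why `plan` returns the candidate ids instead of picking one.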