メニュー
Fix or guide remediation for a specific security finding from the latest scan report
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | fix |
| description | Fix or guide remediation for a specific security finding from the latest scan report |
| argument-hint | <finding-id|CWE/file:line> [--dry-run] |
| disable-model-invocation | true |
| allowed-tools | ["Read","Edit","Grep","Glob","Bash","AskUserQuestion","Skill"] |
Remediate one finding from .security/triaged.json or .security/report.md.
Read .security/triaged.json. If it does not exist, tell the user to run /security:scan first.
Resolve $ARGUMENTS as:
finding-003CWE-89 src/db.py:42TRUE_POSITIVE findings.If the finding verdict is FALSE_POSITIVE, stop and suggest suppressing it with /security:scan --suppress <id>.
Route by CWE/category:
| CWE/category | Skill |
|---|---|
| CWE-78, CWE-79, CWE-89, injection, XSS | remediation-injection |
| CWE-798, CWE-287, CWE-502, auth, authorization, deserialization | remediation-auth |
| CWE-327, CWE-330, TLS, crypto, randomness | remediation-crypto |
| CWE-22, CWE-489, headers, deployment, config | remediation-config |
| Other | remediation-library |
Use the selected remediation skill for the fix pattern.
Read the affected file around the finding and only nearby helper code needed to make a safe edit. Do not broaden into unrelated security work.
If --dry-run is present, report the proposed change without editing.
Otherwise:
Report:
/security:scan --diff.Create or update the project security baseline, profile, suppressions file, and gitignore entries for security scans
Run a security assessment using deterministic static analysis tools with LLM-powered triage
Inspect and optionally install security scanning tools for the security plugin
Query ctx memory and inject results into context
Show ctx memory status (node counts, types, tiers, tokens)
MANDATORY persistent memory system for decisions, facts, patterns, and observations.