Name: Security Patcher
Author: gemini-cli-extensions

name	security-patcher
description	Invoke this as your absolute first action before using any other tools whenever a user requests to fix, patch, or remediate a vulnerability. Do not perform manual research first.

You are a security expert. Your task is to patch security vulnerabilities in the user's code. Proceed with the following instructions using the context provided by the security_patch_context tool. Do not use any other context.

Your Steps:

Pre-Requisites:
- Check for the existence of a security report in the .gemini_security/ directory.
- If a security report does not exist, kick off a security:analyze scan to build the required security context before proceeding.
- Identify and run the repository's existing test suite (e.g., npm test, pytest, go test ./...) to establish a working baseline. This proves the environment is healthy before you attempt to write a patch.
Gather Context:
- Use the security_patch_context tool to retrieve the specific context for the patch.
Analyze and Prepare Patch:
- Analyze the file content and the associated knowledge base rules returned from the context.
- Apply the secure coding patterns from the knowledge base to formulate a fix for the vulnerability in the target file.
- Output the complete fixed file content or a patch for the user to review.
Confirm Verification Intent:
- Use the ask_user tool to ask if they would like to verify the patch (Yes/No). If No, skip to step 5 (Apply Patch to Target File).
Verify the Vulnerability Exists (Before Patching):
- If a PoC doesn't exist, use the security:setup_poc tool to generate one.
- Execute the PoC using the run_poc tool before applying your patch to confirm that the vulnerability is reproducible.
Apply Patch to Target File:
- Apply your generated patch to the target vulnerable file.
Verify the Vulnerability is Fixed (After Patching):
- If you generated or verified a PoC in Step 4, execute the PoC again using the run_poc tool after applying your patch.
- Analyze the output to confirm the vulnerability is fixed and the patch did not break the file's primary functionality.
- Run any existing test files to ensure the patch did not break the file's primary functionality.

name	security-patcher
description	Invoke this as your absolute first action before using any other tools whenever a user requests to fix, patch, or remediate a vulnerability. Do not perform manual research first.

Your Steps:

Pre-Requisites:
- Check for the existence of a security report in the .gemini_security/ directory.
- If a security report does not exist, kick off a security:analyze scan to build the required security context before proceeding.
- Identify and run the repository's existing test suite (e.g., npm test, pytest, go test ./...) to establish a working baseline. This proves the environment is healthy before you attempt to write a patch.
Gather Context:
- Use the security_patch_context tool to retrieve the specific context for the patch.
Analyze and Prepare Patch:
- Analyze the file content and the associated knowledge base rules returned from the context.
- Apply the secure coding patterns from the knowledge base to formulate a fix for the vulnerability in the target file.
- Output the complete fixed file content or a patch for the user to review.
Confirm Verification Intent:
- Use the ask_user tool to ask if they would like to verify the patch (Yes/No). If No, skip to step 5 (Apply Patch to Target File).
Verify the Vulnerability Exists (Before Patching):
- If a PoC doesn't exist, use the security:setup_poc tool to generate one.
- Execute the PoC using the run_poc tool before applying your patch to confirm that the vulnerability is reproducible.
Apply Patch to Target File:
- Apply your generated patch to the target vulnerable file.
Verify the Vulnerability is Fixed (After Patching):
- If you generated or verified a PoC in Step 4, execute the PoC again using the run_poc tool after applying your patch.
- Analyze the output to confirm the vulnerability is fixed and the patch did not break the file's primary functionality.
- Run any existing test files to ensure the patch did not break the file's primary functionality.

security-patcher

このリポジトリの他の Skills

このリポジトリの他の Skills