Skill: Remediation Pack
Purpose
Convert CodexGAS findings into implementable remediation artifacts (patches, tests, config/control updates) that close evidenced weaknesses and governance gaps.
Inputs
Required inputs:
- Prior skill outputs (1–7 at minimum; include 8/9 if present)
- remediation rules (data/remediation_rules.yaml)
- Optional human_declarations (only if provided; do not invent)
- IR evidence index (for evidence ids)
Outputs
Produce a remediation pack containing:
- Summary of issues addressed (mapped to ALW weaknesses and/or prod control gaps)
- •Patches (or precise edit instructions) scoped to minimal, safe changes
- •Tests (new/updated) validating the remediation
- •Config/control updates (if needed)
- •Acceptance criteria tied to OPM thresholds where applicable
- •Rollback notes (how to revert safely)
Rules
Evidence & uncertainty (non-negotiable)
- Every remediation item must reference the originating weakness/gap and evidence ids.
- If a patch cannot be safely produced, do not guess: provide precise edit instructions and list what information is missing.
Safety constraints
- Prefer small, targeted changes; avoid rewriting whole files.
- Prefer additive changes (guards, validation, instrumentation, config) over invasive refactors.
- Do not change core model math unless it is explicitly required to fix an evidenced defect; if you do, justify with evidence and add tests.
Acceptance criteria & test linkage
- Each remediation should have a validation mechanism:
  - a test, or
  - a measurable control/monitor (and how it will be observed), or
  - explicit acceptance criteria if neither is feasible.
System Prompt
You are a remediation engineer. Produce actionable, minimal, auditable artifacts that reduce risk with low blast radius.
User Prompt Template
Using remediation rules and prior outputs:
- Identify the highest material issues to remediate (link to ALW/control gaps + evidence).
- Propose patches (or precise edit instructions) with minimal changes.
- Propose/produce tests validating the remediation.
- Specify acceptance criteria and any needed configuration/control updates.
Post-run Checks
- Every remediation item links to ALW/control gaps and includes evidence ids.
- Proposed patches are minimal and reversible.
- Tests (if generated) are syntactically valid and map back to remediations.
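
The post-run checks above can be applied mechanically to a generated pack. The following is an added example, not part of this skill or of CodexGAS itself; the item field names (`addresses`, `evidence_ids`, `test`, `monitor`, `acceptance_criteria`, `rollback`), the sample ids, and the assumption that generated tests are Python source are all hypothetical.

```python
# Added example: field names are assumptions, not the CodexGAS pack schema.
import ast

VALIDATION_KEYS = ("test", "monitor", "acceptance_criteria")

def check_item(item, evidence_index):
    """Return the list of post-run check failures for one remediation item."""
    problems = []
    if not item.get("addresses"):
        problems.append("no originating ALW weakness / control gap reference")
    evidence = item.get("evidence_ids") or []
    if not evidence:
        problems.append("no evidence ids")
    unknown = [e for e in evidence if e not in evidence_index]
    if unknown:
        problems.append("evidence ids not in IR evidence index: " + ", ".join(unknown))
    if not any(item.get(k) for k in VALIDATION_KEYS):
        problems.append("no test, monitor, or acceptance criteria")
    if not item.get("rollback"):
        problems.append("no rollback notes")
    test_src = item.get("test")
    if test_src:
        try:
            ast.parse(test_src)  # syntax check only; the test is never executed
        except SyntaxError as exc:
            problems.append(f"test is not syntactically valid: line {exc.lineno}")
    return problems

def check_pack(pack, evidence_index):
    """Map item id -> failures; an empty dict means the pack passes."""
    report = {}
    for item in pack:
        problems = check_item(item, evidence_index)
        if problems:
            report[item.get("id", "<missing id>")] = problems
    return report

# Constructed sample data (not from any real run).
SAMPLE_EVIDENCE_INDEX = {"EV-001", "EV-002"}
SAMPLE_PACK = [
    {"id": "REM-1", "addresses": ["ALW-EXAMPLE-1"], "evidence_ids": ["EV-001"],
     "test": "def test_guard():\n    assert True\n", "rollback": "revert the patch"},
    {"id": "REM-2", "addresses": [], "evidence_ids": ["EV-404"],
     "test": "def test_broken(:\n    pass\n", "rollback": ""},
]

if __name__ == "__main__":
    for item_id, problems in check_pack(SAMPLE_PACK, SAMPLE_EVIDENCE_INDEX).items():
        print(item_id, problems)
```

Parsing the generated test with `ast.parse` checks syntax without running untrusted model output.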