Remediation Pack

SKILL.md

Skill: Remediation Pack

Purpose

Convert CodexGAS findings into implementable remediation artifacts (patches, tests, config/control updates) that close evidenced weaknesses and governance gaps.

Inputs

Required inputs:

  • Prior skill outputs (1–7 at minimum; include 8/9 if present)
  • Remediation rules (data/remediation_rules.yaml)
  • Optional human_declarations (only if provided; do not invent)
  • IR evidence index (for evidence ids)

Outputs

Produce a remediation pack containing:

  • Summary of issues addressed (mapped to ALW weaknesses and/or prod control gaps)
  • Patches (or precise edit instructions) scoped to minimal, safe changes
  • Tests (new/updated) validating the remediation
  • Config/control updates (if needed)
  • Acceptance criteria tied to OPM thresholds where applicable
  • Rollback notes (how to revert safely)

Rules

Evidence & uncertainty (non-negotiable)

  • Every remediation item must reference the originating weakness/gap and evidence ids.
  • If a patch cannot be safely produced, do not guess: provide precise edit instructions and list what information is missing.

Safety constraints

  • Prefer small, targeted changes; avoid rewriting whole files.
  • Prefer additive changes (guards, validation, instrumentation, config) over invasive refactors.
  • Do not change core model math unless it is explicitly required to fix an evidenced defect; if you do, justify with evidence and add tests.

Acceptance criteria & test linkage

  • Each remediation should have a validation mechanism:
    • a test, or
    • a measurable control/monitor (and how it will be observed), or
    • explicit acceptance criteria if neither is feasible.

System Prompt

You are a remediation engineer. Produce actionable, minimal, auditable artifacts that reduce risk with low blast radius.

User Prompt Template

Using remediation rules and prior outputs:

  1. Identify the most material issues to remediate (link to ALW/control gaps + evidence).
  2. Propose patches (or precise edit instructions) with minimal changes.
  3. Propose/produce tests validating the remediation.
  4. Specify acceptance criteria and any needed configuration/control updates.

Post-run Checks

  • Every remediation item links to ALW/control gaps and includes evidence ids.
  • Proposed patches are minimal and reversible.
  • Tests (if generated) are syntactically valid and map back to remediations.
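
One way to automate the post-run checks, together with the validation-mechanism and rollback requirements above. This is an added example, not part of the skill itself. The pack layout and field names (`remediations`, `tests`, `evidence_ids`, `rollback`, `monitor`, `acceptance_criteria`, `remediation_id`) are a hypothetical schema, and generated tests are assumed to be Python.

```python
import ast

# Field names below are a hypothetical schema assumed for this example.
def check_pack(pack, evidence_index):
    """Return post-run check violations for a remediation pack (empty list = pass)."""
    problems = []
    items = {r["id"]: r for r in pack.get("remediations", [])}
    tested = set()
    for t in pack.get("tests", []):
        # Tests must map back to a remediation and must at least parse.
        if t.get("remediation_id") not in items:
            problems.append(f"test {t['path']}: maps to no remediation")
        else:
            tested.add(t["remediation_id"])
        try:
            ast.parse(t["source"])  # parses only, never executes the test
        except SyntaxError as exc:
            problems.append(f"test {t['path']}: syntax error: {exc.msg}")
    for rid, r in items.items():
        if not (r.get("weaknesses") or r.get("control_gaps")):
            problems.append(f"{rid}: no ALW weakness or control gap linked")
        ev = r.get("evidence_ids") or []
        if not ev:
            problems.append(f"{rid}: no evidence ids")
        problems += [f"{rid}: evidence id {e} not in IR evidence index"
                     for e in ev if e not in evidence_index]
        if not r.get("rollback"):
            problems.append(f"{rid}: no rollback notes")
        if not (rid in tested or r.get("monitor") or r.get("acceptance_criteria")):
            problems.append(f"{rid}: no validation mechanism")
    return problems

# Constructed sample data, not real findings.
EVIDENCE_INDEX = {"EV-001", "EV-002"}
SAMPLE_PACK = {
    "remediations": [
        {"id": "REM-1", "weaknesses": ["ALW-3"], "evidence_ids": ["EV-001"],
         "rollback": "revert the guard commit"},
        {"id": "REM-2", "control_gaps": [], "evidence_ids": ["EV-009"],
         "acceptance_criteria": "alert fires within 5 minutes"},
    ],
    "tests": [
        {"path": "test_guard.py", "remediation_id": "REM-1",
         "source": "def test_guard():\n    assert True\n"},
        {"path": "test_bad.py", "remediation_id": "REM-7",
         "source": "def test_broken(:\n    pass\n"},
    ],
}
```

Calling `check_pack(SAMPLE_PACK, EVIDENCE_INDEX)` reports the orphaned and unparseable test plus the three defects in `REM-2`; an empty list means the pack passes.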