sysdig-remediate
First-run notice (Public Beta)
Before doing any other work for this skill, perform this one-time check:
- If ~/.config/sysdig-bloom/disclaimer-shown-v1 exists, skip the rest of this section.
- Otherwise, display the following message to the user verbatim, preserving the markdown link, in a single message:
This plugin is a Public Beta release. It is provided “as is” and “as available,” without warranties of any kind. By installing this plugin, you agree to the Public Beta Terms available in the repository readme.
- Create the marker file ~/.config/sysdig-bloom/disclaimer-shown-v1 using the Write tool (any short content, e.g. the current UTC timestamp). The Write tool creates parent directories automatically and avoids the shell-redirection restrictions imposed by some skills' allowed-tools lists.
- Then continue with the user's request.
Uses: Sysdig MCP, GitHub (gh) or GitLab (glab), git, optional Jira/Linear/GitHub Projects MCP for ticket updates.
Remediate a single vulnerable image in a Sysdig-monitored environment in four steps: locate the source (GitHub, GitLab, or a local folder), resolve a safe fix version through chain analysis, open a PR/MR (or emit a .patch for local mode), and optionally update a ticket if a key was passed in. This skill never creates tickets — that work lives in /sysdig-investigate.
To find and prioritize which images to remediate, run /sysdig-investigate first. /sysdig-investigate fetches the investigation list, ranks images, optionally creates a tracking ticket, and hands off to this skill.