Security Threat Model

The security-threat-model skill guides AI agents to systematically identify and evaluate potential vulnerabilities within a specific software architecture or system design. It helps generate comprehensive threat assessments by analyzing attack vectors, data flows, and asset criticality based on provided context.

When to use it

• Before launching a new development project to establish a baseline security posture.
• During the design phase of an API or microservices architecture to spot logical flaws early.
• When reviewing third-party integrations to understand potential data leakage points.
• To create documentation for compliance audits requiring formal risk analysis.

Key capabilities

• Analyzes system architecture diagrams and descriptions for security weaknesses.
• Identifies specific attack vectors such as injection flaws, broken authentication, or insecure data transmission.
• Evaluates the impact of identified threats based on asset value and likelihood.
• Generates structured threat model reports suitable for stakeholder review.

Example prompts

• "Perform a security threat model on this microservices architecture diagram, focusing on inter-service communication risks."
• "Identify potential vulnerabilities in this data flow description where user PII is processed by an external vendor."
• "Create a threat assessment for a new login feature that uses JWT tokens without short expiration times."

Tips & gotchas

Ensure you provide detailed architectural context, including data flow diagrams or clear text descriptions of components, as the agent relies on this input to generate accurate models. This skill is a planning tool and should be validated by human security experts before implementation in high-stakes environments.