security-threat-model

🏢Official
by openai · v1.0.0 · MIT

Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the use

About This Skill

What it does

This skill generates security threat models from the repository context it is given. It identifies trust boundaries, critical assets within a system, potential attacker capabilities, and possible abuse paths, and suggests corresponding mitigation strategies. The output is a concise Markdown document that is easy to review and to integrate into existing documentation.

When to use it

  • New Project Planning: Generate an initial threat model during the design phase of a new software project to proactively identify potential security risks.
  • Codebase Review: Analyze an existing codebase to uncover vulnerabilities and weaknesses that might be exploited by attackers.
  • Security Audits: Supplement manual security audits with automated threat modeling for broader coverage and faster analysis.
  • Risk Assessment: Quickly assess the overall security posture of a system or application based on identified threats and mitigations.

Key capabilities

  • Enumerates trust boundaries within a repository.
  • Identifies critical assets requiring protection.
  • Lists potential attacker capabilities.
  • Maps abuse paths detailing how attackers might exploit vulnerabilities.
  • Proposes mitigation strategies to address identified risks.
  • Generates Markdown formatted threat model output.

Example prompts

  • "Generate a threat model for this repository: [repository URL]"
  • "Threat model the following code, focusing on potential data leakage: [code snippet]"
  • "Create a security threat model for the authentication module in this project."

Tips & gotchas

The skill's effectiveness is directly tied to the quality and completeness of the repository context provided. Ensure the input repository accurately reflects the system being analyzed for optimal results.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: v1.0.0
  • License: MIT
  • Author: openai
  • Installs: 0

🏢 Official

Published by the company or team that built the technology.