Security Threat Model

🌐 Community
by tech-leads-club · vlatest

Helps with security and data modeling as part of implementing security and authentication workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add tech-leads-club-security-threat-model npx -- -y @trustedskills/tech-leads-club-security-threat-model

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "tech-leads-club-security-threat-model": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/tech-leads-club-security-threat-model"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The security-threat-model skill enables AI agents to systematically analyze software systems and applications for potential vulnerabilities. It generates comprehensive threat models that identify assets, data flows, and attack vectors based on industry-standard frameworks like STRIDE or PASTA.

When to use it

  • Before launching a new feature to proactively identify security risks in the architecture.
  • During code reviews to ensure security considerations align with business logic.
  • When preparing for penetration testing to provide context on critical assets and trust boundaries.
  • For compliance audits requiring documented evidence of threat analysis processes.

Key capabilities

  • Identifies system assets, data flows, and threat actors within a defined scope.
  • Maps attack vectors using recognized methodologies such as STRIDE or PASTA.
  • Generates structured reports detailing potential risks, likelihood, and impact levels.
  • Suggests mitigation strategies tailored to identified vulnerabilities.

Example prompts

  • "Create a threat model for our new payment gateway integration using the STRIDE framework."
  • "Analyze the data flow in our user authentication module and identify potential injection points."
  • "Generate a security risk assessment for our mobile app's third-party API connections."

Tips & gotchas

Ensure you provide detailed system architecture diagrams or descriptions to enable accurate threat identification. This skill works best when combined with other security tools like static analysis scanners for comprehensive coverage.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: tech-leads-club
  • Installs: 30

Passed automated security scans.