threat-modeling

Performs STRIDE threat modeling for features, APIs, and architecture changes, producing a threat model document with risk-rated threats, mitigations, and security stories ready for the backlog. Use during sprint planning or design review. Triggers on: "threat model", "STRIDE", "security risks of this feature", "what could go wrong with this design", "security review of architecture".
timwukp/agent-skills-best-practice · ★ 4 · AI & Automation · score 80
Install: claude install-skill timwukp/agent-skills-best-practice
# Threat Modeling (STRIDE)

Produce a lightweight, sprint-compatible threat model: 15-30 minutes of structured analysis, not a multi-week security assessment. The output is a threat model document plus security stories the team can schedule.

## Process

1. **Establish the data flow.** Ask for (or derive from the code/design) the feature's data flow: actors, entry points, services, data stores, and trust boundaries. Summarize it as `Actor → Component → ... → Store`, marking each trust boundary crossing with `||`. If the user has architecture docs or code, read them instead of asking.
2. **Walk the STRIDE categories** against each trust boundary crossing (see table below). For each plausible threat, capture: description, category, likelihood (H/M/L), impact (H/M/L), and a concrete mitigation. Skip categories that genuinely don't apply — do not pad the table.
3. **Rate risk** as High if likelihood or impact is High and the other is at least Medium; Low only if both are Low; otherwise Medium.
4. **Generate security stories** for every High and Medium threat using the story format below (or hand off to the security-story-writing skill if it is available). Low threats go to the residual risk list with a one-line acceptance rationale.
5. **Deliver the document** using the template, and tell the user which stories should enter the next sprint.

## STRIDE Categories

| Category | Question to ask | Typical mitigations |
|----------|-----------------|---------------------|
| Spoofing |
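Steps 1, 3 and 4 of the process above, mechanised in Python as an added example that is not part of the skill: `parse_flow` extracts the `||` crossings from the skill's flow notation, `rate_risk` applies the rating rule (including the H+L case, which is Medium rather than High), and `triage` sorts a threat list into backlog stories and residual risk. Treating `||` as standing in for the arrow at a crossing, and the sample feature and threats, are assumptions.

```python
"""Added example (not the skill's own code): steps 1, 3 and 4 of the process
above run over a constructed feature. Assumes `||` replaces the arrow at a
trust boundary crossing in the skill's `A → B || C` notation."""
import re

LEVELS = {"L": 0, "M": 1, "H": 2}

def parse_flow(flow):
    """Step 1: components of the flow plus the (from, to) pairs that cross `||`."""
    components, crossings, boundary = [], [], False
    for tok in (t.strip() for t in re.split(r"(→|\|\|)", flow)):
        if tok == "||":
            boundary = True
        elif tok not in ("→", ""):
            if components and boundary:
                crossings.append((components[-1], tok))
            components.append(tok)
            boundary = False
    return components, crossings

def rate_risk(likelihood, impact):
    """Step 3: High needs one H with the other at least M (so H+L is Medium);
    Low only when both are L; everything else is Medium."""
    lo, hi = sorted((LEVELS[likelihood], LEVELS[impact]))
    return "High" if hi == 2 and lo >= 1 else "Low" if hi == 0 else "Medium"

def triage(threats):
    """Step 4: High/Medium threats become backlog stories, Low go to residual risk.
    Each threat is (crossing, category, description, likelihood, impact, mitigation)."""
    stories, residual = [], []
    for (src, dst), category, desc, likelihood, impact, mitigation in threats:
        risk = rate_risk(likelihood, impact)
        line = f"[{risk}] {category} at {src} || {dst}: {desc}; mitigation: {mitigation}"
        (residual if risk == "Low" else stories).append(line)
    return stories, residual

# Constructed sample: a checkout path with two trust boundary crossings.
FLOW = "Browser || API Gateway → Order Service || Postgres"
CROSSINGS = parse_flow(FLOW)[1]
SAMPLE_THREATS = [
    (CROSSINGS[0], "Spoofing", "forged session token accepted", "M", "H",
     "verify token signature and expiry at the gateway"),
    (CROSSINGS[0], "Denial of service", "unauthenticated request flood", "H", "L",
     "rate-limit per client before authentication"),
    (CROSSINGS[1], "Information disclosure", "raw DB errors reach the client", "L", "L",
     "map DB errors to a generic response"),
]
```

Running `triage(SAMPLE_THREATS)` yields two stories (the High spoofing threat and the Medium flood) and one residual-risk entry.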