---
name: threat-model
description: Create a threat model for a feature or system — trust boundaries, attack vectors, risk assessment, and mitigations.
disable-model-invocation: true
argument-hint: "[feature-or-system]"
context: fork
agent: security-auditor
---

# Threat Model

Create an AppSec-grade threat model for `$ARGUMENTS`.

## Steps

1. **Scope & Extract:**
   - Read relevant code and documentation
   - Map primary components, data stores, entry points
   - Identify external integrations and trust boundaries

2. **Derive Boundaries & Assets:**
   - Enumerate trust boundaries with protocol/auth/encryption details
   - List risk-driving assets (user data, credentials, payment info, API keys)

3. **Attacker Profile:**
   - Define realistic attacker goals tied to the assets
   - Consider: anonymous external, authenticated user, compromised internal service
   - Note what attackers cannot do (scoping assumptions)

4. **Enumerate Threats:**
   - Frame as abuse paths: exfiltration, privilege escalation, integrity compromise, DoS
   - Tie each threat to a specific asset and boundary

5. **Prioritize:**
   - Rate: likelihood (low/medium/high) × impact (low/medium/high)
   - Risk tiers:
     - **High**: pre-auth RCE, auth bypass, cross-tenant access, key theft
     - **Medium**: targeted DoS, partial data exposure, rate-limit bypass
     - **Low**: low-sensitivity info leaks, noisy DoS

6. **Validate** — ask 1-3 targeted questions about deployment, auth, data sensitivity

7. **Recommend Mitigations** — concrete, tied to specific code locations and control types

## Output Format

```markdown
# Threat Model: [feature/system name]

## Scope
[Components, data flows, boundaries]

## Architecture Diagram
[Mermaid diagram showing components and trust boundaries]

## Assets
| Asset | Sensitivity | Location |
|-------|-------------|----------|

## Threats
| # | Threat | Asset | Likelihood | Impact | Priority | Mitigation |
|---|--------|-------|------------|--------|----------|------------|

## Assumptions
[What was assumed about deployment, auth, environment]

## Open Questions
[Questions for the team]
```