AI_template/.claude/skills/threat-model/SKILL.md
olekhondera 5b28ea675d add SKILL
2026-02-14 07:38:50 +02:00

70 lines
2.1 KiB
Markdown
---
name: threat-model
description: Create a threat model for a feature or system — trust boundaries, attack vectors, risk assessment, and mitigations.
disable-model-invocation: true
argument-hint: "[feature-or-system]"
context: fork
agent: security-auditor
---
# Threat Model
Create an AppSec-grade threat model for `$ARGUMENTS`.
## Steps
1. **Scope & Extract:**
   - Read relevant code and documentation
   - Map primary components, data stores, entry points
   - Identify external integrations and trust boundaries
2. **Derive Boundaries & Assets:**
   - Enumerate trust boundaries with protocol/auth/encryption details
   - List risk-driving assets (user data, credentials, payment info, API keys)
3. **Attacker Profile:**
   - Define realistic attacker goals tied to the assets
   - Consider: anonymous external, authenticated user, compromised internal service
   - Note what attackers cannot do (scoping assumptions)
4. **Enumerate Threats:**
   - Frame as abuse paths: exfiltration, privilege escalation, integrity compromise, DoS
   - Tie each threat to a specific asset and boundary
5. **Prioritize:**
   - Rate: likelihood (low/medium/high) × impact (low/medium/high)
   - Risk tiers:
     - **High**: pre-auth RCE, auth bypass, cross-tenant access, key theft
     - **Medium**: targeted DoS, partial data exposure, rate-limit bypass
     - **Low**: low-sensitivity info leaks, noisy DoS
6. **Validate** — ask 1-3 targeted questions about deployment, auth, data sensitivity
7. **Recommend Mitigations** — concrete, tied to specific code locations and control types
## Output Format
```markdown
# Threat Model: [feature/system name]
## Scope
[Components, data flows, boundaries]
## Architecture Diagram
[Mermaid diagram showing components and trust boundaries]
## Assets
| Asset | Sensitivity | Location |
|-------|-------------|----------|
## Threats
| # | Threat | Asset | Likelihood | Impact | Priority | Mitigation |
|---|--------|-------|------------|--------|----------|------------|
## Assumptions
[What was assumed about deployment, auth, environment]
## Open Questions
[Questions for the team]
```
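The following is an added example, not part of the skill file or its repository: a small Python helper that applies steps 4 and 5 to a threat list and renders the `## Threats` table from the output format. The numeric 1-3 scale, the score cut-offs for High/Medium/Low, and all sample assets, boundaries and threats are assumptions constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}

@dataclass
class Threat:
    threat: str
    asset: str
    boundary: str
    likelihood: str
    impact: str
    mitigation: str

def score(t):
    """Likelihood x impact on an assumed 1-3 scale per axis."""
    return LEVELS[t.likelihood] * LEVELS[t.impact]

def priority(t):
    # Assumed cut-offs (not from the skill file): 6-9 High, 3-4 Medium, 1-2 Low.
    s = score(t)
    return "High" if s >= 6 else "Medium" if s >= 3 else "Low"

def untied(threats, assets, boundaries):
    """Step 4 check: threats whose asset or boundary is missing from the inventory."""
    return [t for t in threats if t.asset not in assets or t.boundary not in boundaries]

def threats_table(threats):
    """Render the '## Threats' table, highest risk first."""
    rows = ["| # | Threat | Asset | Likelihood | Impact | Priority | Mitigation |",
            "|---|--------|-------|------------|--------|----------|------------|"]
    for n, t in enumerate(sorted(threats, key=score, reverse=True), 1):
        rows.append(f"| {n} | {t.threat} | {t.asset} | {t.likelihood} | {t.impact} "
                    f"| {priority(t)} | {t.mitigation} |")
    return "\n".join(rows)

# Constructed sample inventory and threats, for illustration only.
ASSETS = {"session tokens", "payment info"}
BOUNDARIES = {"internet -> API gateway", "API -> payments service"}
THREATS = [
    Threat("Rate-limit bypass on login", "session tokens", "internet -> API gateway",
           "medium", "medium", "Per-account throttling at the gateway"),
    Threat("Cross-tenant read of invoices", "payment info", "API -> payments service",
           "medium", "high", "Tenant ID check in the service, not only the API"),
    Threat("Framework version in error page", "build metadata", "internet -> API gateway",
           "medium", "low", "Generic error responses"),
]

if __name__ == "__main__":
    for t in untied(THREATS, ASSETS, BOUNDARIES):
        print(f"not tied to a listed asset/boundary: {t.threat}")
    print(threats_table(THREATS))
```

A threat reported by `untied` either needs its asset added to the Assets table or belongs under Open Questions until the asset is confirmed.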