security-threat-modeling
Security Threat Modeling
Overview
Use this skill to make security risks explicit early, prioritize mitigations, and prevent costly redesign after implementation.
Scope Boundaries
- New architecture, integration, or data flow introduces fresh trust boundaries.
- Significant feature changes alter attacker opportunity or impact.
- Security requirements need prioritization before implementation commitments.
Templates And Assets
- Threat model template:
assets/threat-model-template.md
Inputs To Gather
- System context, components, and data flow diagrams.
- Asset classification and business impact.
- Assumed attacker capabilities and exposure surface.
- Existing controls and operational detection capabilities.
Deliverables
- Threat model with assets, trust boundaries, entry points, and abuse paths.
- Prioritized mitigation plan with owner, expected risk reduction, and timeline.
- Validation plan mapping top threats to test and monitoring evidence.
Workflow
- Define model scope and highest-value assets in assets/threat-model-template.md.
- Identify trust boundaries and all ingress/egress paths.
- Enumerate attacker goals and feasible attack paths for each boundary.
- Assess risk using impact and exploitability, then rank mitigation candidates.
- Select controls across prevention, detection, and response, not prevention only.
- Record residual risks that are accepted, including owner and review date.
- Convert priority threats into concrete engineering and verification tasks.
Quality Standard
- Top abuse paths are evidence-backed and mapped to concrete controls.
- Mitigation prioritization is explicit and reproducible.
- Residual risks are intentionally accepted, not implied.
- Model output is actionable by engineering, security, and operations.
Failure Conditions
- Stop when assets and trust boundaries are undefined.
- Stop when high-impact threats are listed without mitigation owner.
- Escalate when risk acceptance lacks accountable approval.
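The workflow steps above (rank by impact and exploitability, select mitigations with an owner and expected risk reduction, record accepted residual risk with an approver and review date) and the failure conditions can be mechanised so a model is checked before it is handed to engineering. The block below is an added example, not part of this skill or its template: the 1..5 scales, the HIGH_IMPACT threshold, the field names, and the sample login-API model are assumptions made for illustration.

```python
"""Added example: a small threat-model scorer and gate checker.

Not part of the skill or its template. The 1..5 scales, the HIGH_IMPACT
threshold and the sample model are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

HIGH_IMPACT = 4  # assumed threshold on the 1..5 impact scale


@dataclass
class Threat:
    id: str
    boundary: str                  # trust boundary the abuse path crosses
    path: str                      # attacker goal / abuse path
    impact: int                    # 1 (negligible) .. 5 (severe)
    exploitability: int            # 1 (hard) .. 5 (trivial)
    mitigation: Optional[str] = None
    owner: Optional[str] = None
    post_mitigation_exploitability: Optional[int] = None
    accepted: bool = False         # residual risk consciously accepted
    approver: Optional[str] = None
    review_date: Optional[date] = None

    @property
    def risk(self) -> int:
        return self.impact * self.exploitability

    @property
    def risk_reduction(self) -> int:
        """Expected reduction if the named mitigation lands; 0 when none is planned."""
        if self.post_mitigation_exploitability is None:
            return 0
        return self.risk - self.impact * self.post_mitigation_exploitability


@dataclass
class ThreatModel:
    assets: list[str]
    boundaries: list[str]
    threats: list[Threat] = field(default_factory=list)


def rank_threats(model: ThreatModel) -> list[str]:
    """Threat ids ordered by risk, then impact (ties broken by id so the order is reproducible)."""
    ordered = sorted(model.threats, key=lambda t: (-t.risk, -t.impact, t.id))
    return [t.id for t in ordered]


def mitigation_plan(model: ThreatModel) -> list[tuple[str, str, int]]:
    """(threat id, owner, expected risk reduction) for unaccepted threats, best first."""
    rows = [(t.id, t.owner or "UNASSIGNED", t.risk_reduction)
            for t in model.threats if not t.accepted]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def gate_check(model: ThreatModel) -> tuple[str, list[str]]:
    """Apply the skill's failure conditions; returns ("ok" | "stop" | "escalate", findings)."""
    findings: list[str] = []
    if not model.assets or not model.boundaries:
        findings.append("stop: assets and trust boundaries are undefined")
    for t in model.threats:
        if t.boundary not in model.boundaries:
            findings.append(f"stop: {t.id} crosses undefined boundary {t.boundary!r}")
        if t.impact >= HIGH_IMPACT and not t.accepted and not t.owner:
            findings.append(f"stop: {t.id} is high impact but has no mitigation owner")
        if t.accepted and (not t.approver or t.review_date is None):
            findings.append(f"escalate: {t.id} accepted without approver and review date")
    if any(f.startswith("stop") for f in findings):
        return "stop", findings
    if findings:
        return "escalate", findings
    return "ok", findings


def example_model() -> ThreatModel:
    """Constructed sample model for a hypothetical login API (not a real system)."""
    return ThreatModel(
        assets=["customer PII", "session signing key"],
        boundaries=["internet->api-gateway", "api->database"],
        threats=[
            Threat("T1", "internet->api-gateway", "credential stuffing against /login",
                   impact=4, exploitability=4, mitigation="rate limiting + MFA",
                   owner="auth-team", post_mitigation_exploitability=1),
            Threat("T2", "api->database", "SQL injection via search filter",
                   impact=5, exploitability=3, mitigation="parameterised queries",
                   owner="platform-team", post_mitigation_exploitability=1),
            Threat("T3", "api->database", "database credentials leaked in CI logs",
                   impact=5, exploitability=2),          # no owner yet -> stop
            Threat("T4", "internet->api-gateway", "user enumeration via error text",
                   impact=2, exploitability=5, accepted=True,
                   review_date=date(2025, 1, 31)),       # accepted, no approver -> escalate
        ],
    )


if __name__ == "__main__":
    m = example_model()
    print("ranked:", rank_threats(m))
    print("plan:", mitigation_plan(m))
    print("gate:", gate_check(m))
```

Run stand-alone it ranks T1 above T2 (risk 16 vs 15) and returns a "stop" status because T3 is high impact with no owner; the T4 acceptance without an approver is reported as an escalation but does not by itself block the model. Keeping the gate deterministic (stable tie-breaks, ordered findings) is what makes the prioritisation reproducible across reviews.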