Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning.
Add this skill
npx mdskills install sickn33/threat-modeling-expertClear methodology but lacks actionable examples and detail for agents to execute threat modeling independently
1---2name: threat-modeling-expert3description: "Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use for security architecture reviews, threat identification, and secure-by-design planning."4---56# Threat Modeling Expert78Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.910## Capabilities1112- STRIDE threat analysis13- Attack tree construction14- Data flow diagram analysis15- Security requirement extraction16- Risk prioritization and scoring17- Mitigation strategy design18- Security control mapping1920## Use this skill when2122- Designing new systems or features23- Reviewing architecture for security gaps24- Preparing for security audits25- Identifying attack vectors26- Prioritizing security investments27- Creating security documentation28- Training teams on security thinking2930## Do not use this skill when3132- You lack scope or authorization for security review33- You need legal or compliance certification34- You only need automated scanning without human review3536## Instructions37381. Define system scope and trust boundaries392. Create data flow diagrams403. Identify assets and entry points414. Apply STRIDE to each component425. Build attack trees for critical paths436. Score and prioritize threats447. Design mitigations458. Document residual risks4647## Safety4849- Avoid storing sensitive details in threat models without access controls.50- Keep threat models updated after architecture changes.5152## Best Practices5354- Involve developers in threat modeling sessions55- Focus on data flows, not just components56- Consider insider threats57- Update threat models with architecture changes58- Link threats to security requirements59- Track mitigations to implementation60- Review regularly, not just at design time61
Full transparency — inspect the skill content before installing.