Skills

threat-modeling

Installation
SKILL.md

Bitwarden's Engagement Model

Bitwarden follows a 4-phase engagement model for security work. This skill primarily supports Phase 1 (engineering-owned) and assists with Phase 2-4 artifacts.

Phase 1: Initial Security Assessment (Engineering Team)

  1. Create data flow diagrams (Mermaid, Excalidraw, or Structurizr)
  2. Define security requirements separate from product requirements
  3. Propose security definitions (threat model + security goals)
  4. Identify initial threats using STRIDE (see references/stride-framework.md)

Phase 2: AppSec Team Review (AppSec + Engineering)

  • Share data flow diagrams and security definitions in advance
  • Walk through system architecture collaboratively
  • Validate or refine proposed security definitions
  • Identify additional threats, assess risk
  • Avoid assuming external mitigations exist
Installs
64
Repository
bitwarden/ai-plugins
GitHub Stars
119
First Seen
Mar 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
threat-modeling — bitwarden/ai-plugins