threat-modeling
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and templates for security design reviews based on established industry frameworks like STRIDE and Adam Shostack's methodology.
- [DATA_EXPOSURE]: While the text mentions sensitive locations such as .env files, S3 buckets, and PII, it does so strictly in the context of identifying potential threats during a modeling session, not as an attempt to access or exfiltrate real data.
- [REMOTE_CODE_EXECUTION]: The skill contains no scripts, package installations, or remote code download patterns. It relies entirely on standard instructional text.
- [PROMPT_INJECTION]: The instructions are focused on the task of threat modeling and do not contain any patterns intended to bypass AI safety guidelines or override system behavior.
- [COMMAND_EXECUTION]: No shell commands or subprocess calls are present in the skill instructions or examples.
Audit Metadata