sota-threat-modeling

SKILL.md

SOTA Threat Modeling

Purpose

Threat modeling answers Shostack's four questions with engineering rigor:

  1. What are we working on? (decompose: DFD, trust boundaries, assets, actors)
  2. What can go wrong? (enumerate: STRIDE/LINDDUN per element, catalogs, attack trees)
  3. What are we going to do about it? (treat: mitigate/accept/transfer/avoid, map to requirements and tests)
  4. Did we do a good job? (verify: abuse-case tests, residual risk review, re-model triggers)

This skill operationalizes those questions in two modes. Never produce a threat model that is only prose — every threat must land as a tracked requirement, a test, or an explicitly accepted risk with an owner.
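As an added example (not code from the sota-skills project), the register below shows what "landing" a threat means in practice: elements are decomposed (question 1), STRIDE-per-element enumeration produces candidate threats (question 2), each threat gets a treatment (question 3), and a gate rejects any threat that is still only prose, i.e. mitigated without a requirement and test, or accepted without an owner (question 4). Element names, requirement/test ids and owners are constructed placeholders.

```python
"""STRIDE-per-element threat register with a "no prose-only threats" gate.

Added example, not part of the sota-skills project. Element names, threat
treatments, requirement/test ids and owners are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"


# Shostack's STRIDE-per-element table: which categories apply to each DFD
# element type. S,T,R,I,D,E = Spoofing, Tampering, Repudiation,
# Information disclosure, Denial of service, Elevation of privilege.
STRIDE_PER_ELEMENT = {
    Kind.EXTERNAL: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.STORE: "TRID",
    Kind.FLOW: "TID",
}
CATEGORY = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
            "I": "Information disclosure", "D": "Denial of service",
            "E": "Elevation of privilege"}


@dataclass
class Element:
    name: str
    kind: Kind
    crosses_boundary: bool = False    # for flows: crosses a trust boundary?


@dataclass
class Treatment:
    action: str                        # mitigate | accept | transfer | avoid
    requirement: Optional[str] = None  # tracked requirement id
    test: Optional[str] = None         # abuse-case test id
    owner: Optional[str] = None        # accountable owner of accepted/transferred risk


@dataclass
class Threat:
    element: str
    category: str
    treatment: Optional[Treatment] = None

    @property
    def tracked(self) -> bool:
        """Q4 gate: counts only as requirement+test, or as an owned acceptance."""
        t = self.treatment
        if t is None:
            return False
        if t.action in ("mitigate", "avoid"):
            return bool(t.requirement and t.test)
        if t.action in ("accept", "transfer"):
            return bool(t.owner)
        return False


def enumerate_threats(elements):
    """Q2: one candidate threat per applicable STRIDE letter per element.
    Flows that never cross a trust boundary are skipped so the register
    stays proportional to risk."""
    threats = []
    for e in elements:
        if e.kind is Kind.FLOW and not e.crosses_boundary:
            continue
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, CATEGORY[letter]))
    return threats


def untracked(threats):
    """Q4: threats that are still only prose and must not ship as-is."""
    return [t for t in threats if not t.tracked]


def example_model():
    """Constructed browser -> API -> database model with treatments applied."""
    elements = [
        Element("Browser", Kind.EXTERNAL),
        Element("API", Kind.PROCESS),
        Element("UserDB", Kind.STORE),
        Element("Browser->API", Kind.FLOW, crosses_boundary=True),
        Element("API->UserDB", Kind.FLOW, crosses_boundary=False),
    ]
    threats = enumerate_threats(elements)
    for i, t in enumerate(threats):
        key = (t.element, t.category)
        if key == ("UserDB", "Denial of service"):
            t.treatment = Treatment("accept", owner="db-team-lead")  # owned: tracked
        elif key == ("Browser", "Repudiation"):
            t.treatment = Treatment("accept")                        # no owner: NOT tracked
        elif key == ("API", "Elevation of privilege"):
            pass                                                     # untreated: NOT tracked
        else:
            t.treatment = Treatment("mitigate", requirement=f"REQ-{i:03d}", test=f"TST-{i:03d}")
    return threats


if __name__ == "__main__":
    for t in untracked(example_model()):
        print(f"prose-only threat: {t.element} / {t.category}")
```

Running the gate in CI (fail the build when `untracked()` is non-empty) is what turns the rule in the paragraph above into an enforced check rather than a convention; the intra-boundary flow `API->UserDB` is deliberately skipped to show the effort-scaling the BUILD mode asks for.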

BUILD Mode — Threat-Model-While-Designing

Run this workflow whenever designing anything that crosses a trust boundary. Scale effort to risk: a 15-minute "four questions" pass for a small feature; a full STRIDE-per-interaction model for a new service or auth flow.

Installs: 1
First seen: 12 days ago
sota-threat-modeling — martinholovsky/sota-skills