sota-threat-modeling
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE | NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation files containing guidelines, checklists, and methodology descriptions. There are no executable scripts, configuration files, or platform-specific command injections.
- [SAFE]: The content is educational and instructional, focusing on industry-standard security frameworks like STRIDE, LINDDUN, and PASTA. It promotes best practices such as least privilege, boundary-based analysis, and automated abuse-case testing.
- [SAFE]: Mentions of potential vulnerabilities (e.g., SSRF, XSS, SQLi) and attack vectors (e.g., prompt injection, tool misuse in agents) are used in the context of threat catalogs to help analysts identify and mitigate these risks in external systems being analyzed.
- [SAFE]: The skill includes specific guidance for modeling LLM and agentic systems, referencing current research and standards (OWASP Top 10 for Agents, MCP Top 10) to improve the security posture of AI integrations.
- [SAFE]: All external references and methodologies are presented neutrally and intended to enhance the security rigor of the engineering process.