Security Threat Modeling

Overview

Use this skill to make security risks explicit early, prioritize mitigations, and prevent costly redesign after implementation.

Scope Boundaries

• New architecture, integration, or data flow introduces fresh trust boundaries.
• Significant feature changes alter attacker opportunity or impact.
• Security requirements need prioritization before implementation commitments.

Templates And Assets

• Threat model template:
  • assets/threat-model-template.md

Inputs To Gather

• System context, components, and data flow diagrams.
• Asset classification and business impact.
• Assumed attacker capabilities and exposure surface.
• Existing controls and operational detection capabilities.