Threat Model Skill

Goal

Create a STRIDE threat model BEFORE implementing any security-sensitive feature. Prevents security issues at design time (cheapest point to fix) rather than after implementation (expensive) or in production (catastrophic).

When to Invoke

• Before implementing: authentication, authorization, user registration, file upload
• Before implementing: payment processing, data storage, API endpoints, admin features
• Before any feature that handles: PII, financial data, health data, secrets, files

Steps

1. Identify system components and trust boundaries

   • Reference the C4 Component diagram if it exists (docs/architecture/)
   • Draw the data flow: user → entry point → processing → storage → response
   • Mark trust boundaries (where permissions or privilege changes)
   • Identify actors: authenticated user, anonymous user, admin, external service, attacker

2. Apply STRIDE to each component