tahr-threat-model-app
Installation
SKILL.md
Tahr Threat Model App
Use source as evidence of observed implementation and use specifications and documents as evidence of intent. Produce a decision-oriented threat model, not a list of isolated code smells and not a verified vulnerability report.
Set scope and evidence classes
- Record the repository revision, included packages, deployment environments, supplied documents/specifications, exclusions, and unanswered questions.
- Label every material statement as
observed,intended,inferred, orunknown. Do not let documentation or a framework convention prove runtime behavior. - Default to read-only source and document analysis. Use a runtime target only with explicit authorization for that target and safe test objective.
- Redact credentials, tokens, private keys, personal data, and customer data. Preserve only the minimum non-secret evidence needed for traceability.