Threat Modeling Skill — STRIDE Methodology

1. When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

Invoke this skill whenever any of the following conditions are met:

• New service or microservice design — A new component is being introduced into the architecture and needs threat analysis before implementation begins.
• Architecture review — An existing system is undergoing redesign, migration, or significant refactoring (e.g., monolith-to-microservices, on-prem-to-cloud).
• PRD with infrastructure implications — A product requirements document describes features that involve new data stores, external integrations, authentication changes, or network topology modifications.
• API design — New or modified API endpoints are being defined, especially those that accept user input, handle authentication tokens, or expose sensitive data.
• Pre-launch security review — A system is approaching production deployment and requires a structured assessment of threats before go-live.
• Compliance-driven review — Regulatory requirements (SOC 2, PCI DSS, HIPAA, FedRAMP) mandate documented threat analysis.
• Incident post-mortem — A security incident has occurred and the team needs to re-evaluate the threat landscape to prevent recurrence.

2. Context the Agent Needs

Before beginning the threat model, gather the following. Mark each item as obtained or missing and proceed with what is available, noting gaps as assumptions.