security-threat-model_skill

This skill helps you generate an AppSec-grade threat model tailored to a repository or path, anchoring claims to evidence and suggesting concrete mitigations.
  • Python
  • Official

8.6k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openai/skills --skill security-threat-model

  • LICENSE.txt10.5 KB
  • SKILL.md5.4 KB

Overview

This skill performs repository-grounded threat modeling for codebases or specified project paths. It enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and emits a concise Markdown threat model anchored to evidence in the repo. It triggers only when you explicitly ask to threat model a codebase or path.

How this skill works

Given a repo root or in-scope path and any deployment/context hints, the skill extracts the system model from code and documentation, identifies components, entry points, and data stores, and separates runtime behavior from CI/dev artifacts. It enumerates trust boundaries, derives attacker capabilities, writes prioritized abuse paths with likelihood and impact reasoning, and proposes mitigations tied to specific files, components, or controls. Before finalizing, it lists assumptions and asks targeted questions to validate missing context.

When to use it

  • When you explicitly ask to threat model a repository or specific project path
  • When you need a concise, repo-grounded AppSec threat model (not a generic checklist)
  • Before design reviews or security remediation planning for a service/component in the repo
  • When you want prioritized, actionable mitigations tied to concrete code or infra locations

Best practices

  • Provide repo root and any in-scope subpath plus intended deployment and exposure details to reduce assumptions
  • Confirm or correct the skill’s stated assumptions before final report generation
  • Scope runtime vs CI/dev/test artifacts explicitly to avoid false positives
  • Ask for evidence pointers (config files, deployment manifests, auth docs) to ground claims
  • Use the prioritized abuse paths to drive short, testable mitigations and follow-up validation

Example use cases

  • Threat model a web service directory to enumerate API trust boundaries, session handling, and data stores
  • Model a CLI tool or worker to find code-execution, supply-chain, or input-parsing abuse paths
  • Assess a mixed repo (library + service) to separate in-scope runtime surfaces from build/CI tooling
  • Generate a prioritized remediation list tied to specific modules or config files for an incident response or security sprint

FAQ

No. Outputs are specific to the repo or path and reference evidence in code and config; generic checklists are avoided.

What assumptions will you make if context is missing?

I state all assumptions explicitly (deployment model, exposure, auth expectations) and ask 1–3 targeted questions; if unanswered, I mark which priorities are conditional on those assumptions.

How do you prioritize threats?

Each threat includes qualitative likelihood and impact (low/medium/high) with short justification and an overall priority that weights existing controls and stated assumptions.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
security-threat-model skill by openai/skills | VeilStrat