tachi-threat-reporting
Domain knowledge for narrative threat report generation — executive summary structure, architecture overview patterns, per-category narrative templates, attack tree construction rules with Mermaid syntax, and reference attack tree examples. Consumed by the threat-report agent during report generation.
Best use case
tachi-threat-reporting is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Domain knowledge for narrative threat report generation — executive summary structure, architecture overview patterns, per-category narrative templates, attack tree construction rules with Mermaid syntax, and reference attack tree examples. Consumed by the threat-report agent during report generation.
Teams using tachi-threat-reporting should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/tachi-threat-reporting/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How tachi-threat-reporting Compares
| Feature / Agent | tachi-threat-reporting | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Domain knowledge for narrative threat report generation — executive summary structure, architecture overview patterns, per-category narrative templates, attack tree construction rules with Mermaid syntax, and reference attack tree examples. Consumed by the threat-report agent during report generation.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# tachi-threat-reporting
Narrative threat report domain knowledge extracted from the tachi threat-report agent. This skill provides the templates, construction rules, and reference examples that the threat-report agent uses to transform structured threat model output into comprehensive narrative reports with Mermaid attack trees.
## Domain Overview
The threat report agent produces two output types:
1. **threat-report.md** -- A 7-section narrative report conforming to `schemas/report.yaml` containing executive summary, architecture overview, per-category threat analysis, cross-cutting themes, Mermaid attack trees, remediation roadmap, and finding reference appendix
2. **attack-trees/{finding-id}-attack-tree.md** -- Standalone Mermaid attack tree files for every Critical and High finding
Report generation applies three bodies of domain knowledge:
- **Narrative Templates** -- Structural patterns for each report section: executive summary elements, architecture overview layout, per-category subsection headers, per-finding narrative pattern, progressive depth rules, cross-cutting theme detection criteria, and language conventions
- **Attack Tree Construction** -- Rules for building Mermaid flowchart attack trees: tree structure (root/intermediate/leaf), minimum depth requirements, decomposition stopping rules, Mermaid syntax conventions, color styling, node naming, and validation checklist
- **Attack Tree Examples** -- Reference implementations demonstrating correct syntax, naming, gate logic, and decomposition depth for Critical and High severity patterns
## Loading Table
Reference files are loaded on-demand by the threat-report agent at specific workflow phases using the Read tool.
| Reference | File | Load When |
|-----------|------|-----------|
| Narrative Templates | `references/narrative-templates.md` | Generating Executive Summary (Section 1), Architecture Overview (Section 2), Threat Analysis (Section 3), Cross-Cutting Themes (Section 4), Remediation Roadmap (Section 6) |
| Attack Tree Construction | `references/attack-tree-construction.md` | Constructing Mermaid attack trees for Critical and High findings (Section 5) |
| Attack Tree Examples | `references/attack-tree-examples.md` | Before generating the first attack tree -- load once as reference patterns |Related Skills
tachi-shared
Shared reference files consumed by multiple tachi agents. Contains canonical definitions for severity bands, STRIDE+AI categories, and finding format that serve as the single source of truth across the pipeline. Agents Read individual reference files on-demand rather than maintaining inline copies.
tachi-risk-scoring
Domain knowledge for quantitative risk scoring — four-dimensional scoring model (CVSS 3.1, exploitability, scalability, reachability), CVSS base vector mappings, composite score formulas, severity band thresholds, and governance field derivation rules. Consumed by the risk-scorer agent during scoring pipeline execution.
tachi-report-assembly
Domain knowledge for PDF security report assembly — artifact detection patterns with tier selection rules, Typst data variable contract with type specifications and image path resolution, and brand asset handling with logo location and fallback rules. Consumed by the report-assembler agent during report generation.
tachi-orchestration
Domain knowledge for the tachi orchestrator agent: input format detection, DFD classification, trust boundary notation, STRIDE-per-Element dispatch rules, coverage requirements per component type, coverage matrix model, SARIF 2.1.0 generation specification, output schema tables for threats.md, baseline correlation, structural validation checklist, and error handling templates. Loaded on-demand by the orchestrator during specific pipeline phases.
tachi-infographics
Domain knowledge for threat infographic generation — infographic specification formats, template-specific section layouts (Baseball Card, System Architecture, Risk Funnel), Gemini API prompt construction rules, and visual design system tokens. Consumed by the threat-infographic agent during specification and image generation.
tachi-control-analysis
Domain knowledge for compensating controls analysis — control category definitions with detection patterns, evidence criteria with effectiveness classification, and residual risk calculation with recommendation generation. Loaded on-demand by the control-analyzer agent during codebase scanning and risk assessment phases.
~aod-status
On-demand backlog snapshot and lifecycle stage summary. Regenerates BACKLOG.md from GitHub Issues and displays item counts per stage. Use this skill when you need to check backlog status, view stage counts, regenerate BACKLOG.md, or get a lifecycle overview.
~aod-spec
Validates specification completeness and quality by checking for mandatory sections, [NEEDS CLARIFICATION] markers, testable criteria, and clear scope boundaries. Use this skill when you need to check if spec is complete, validate specifications, review spec.md, or check specification quality. Ensures specifications are ready for architecture and implementation phases.
~aod-score
Re-score an existing idea's ICE rating when circumstances change. Use this skill when you need to re-evaluate ideas, update ICE scores, change idea priority, or re-assess deferred ideas.
~aod-run
Full lifecycle orchestrator that chains all 6 AOD stages (Discover, Define, Plan, Build, Deliver, Document) with disk-persisted state for session resilience and governance gates at every boundary. Use this skill when you need to run the full lifecycle, orchestrate stages, resume orchestration, or check orchestration status.
~aod-project-plan
Validates architecture documentation completeness by checking for technology stack, API specifications, database schema, security architecture, and alignment with feature specification. Use this skill when you need to check if plan.md is complete before implementation, validate architecture documentation, or review technical plans for completeness.
~aod-plan
Plan stage orchestrator that runs all three Plan sub-steps (spec → project-plan → tasks) in sequence with governance gates. Stops on rejection, continues through approvals. Use this skill when you need to run the full Plan stage, navigate planning sub-steps, or resume after a rejection.