threat-model-generation
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
Best use case
threat-model-generation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using threat-model-generation should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/threat-model-generation/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How threat-model-generation Compares
| Feature / Agent | threat-model-generation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Threat Model Generation
Generate a comprehensive security threat model for a repository using the STRIDE methodology.
## When to Use This Skill
- **First-time setup** - New repository needs initial threat model
- **Architecture changes** - Significant changes to components, APIs, or data flows
- **Security audit** - Periodic review or compliance requirement
- **Manual request** - Security team requests updated threat model
## Inputs
| Input | Description | Required |
| ----------------------- | ------------------------------------------------------- | -------------------------------- |
| Repository path | Root directory to analyze | Yes (default: current directory) |
| Existing threat model | Path to existing `.factory/threat-model.md` if updating | No |
| Compliance requirements | Frameworks to consider (SOC2, GDPR, HIPAA, etc.) | No |
## Instructions
### Step 1: Analyze Repository Structure
Scan the codebase to understand the system:
1. **Identify languages and frameworks**
   - Check `package.json`, `requirements.txt`, `go.mod`, `Cargo.toml`, etc.
   - Note the primary tech stack
2. **Map components and services**
   - Look for `apps/`, `services/`, `packages/` directories
   - Identify entry points: API routes, CLI commands, web handlers
   - Note databases, caches, message queues
3. **Identify external interfaces**
   - HTTP endpoints (REST, GraphQL)
   - File upload handlers
   - Webhook receivers
   - OAuth/SSO integrations
4. **Trace data flows**
   - How does user input enter the system?
   - Where is sensitive data stored?
   - What external services are called?
### Step 2: Identify Trust Boundaries
Define security zones:
1. **Public Zone** (untrusted)
   - All external HTTP endpoints
   - Public APIs without authentication
   - User-uploaded files
2. **Authenticated Zone** (partially trusted)
   - Endpoints requiring valid session/token
   - User-specific data access
   - Rate-limited APIs
3. **Internal Zone** (trusted)
   - Service-to-service communication
   - Admin-only endpoints
   - Database connections
   - Secrets management
### Step 3: Inventory Critical Assets
Classify data by sensitivity:
1. **PII (Personally Identifiable Information)**
   - User emails, names, addresses, phone numbers
   - Document protection measures
2. **Credentials & Secrets**
   - Password hashes, API keys, OAuth tokens
   - JWT signing keys, encryption keys
3. **Business-Critical Data**
   - Transaction records, customer data
   - Proprietary algorithms, trade secrets
### Step 4: Apply STRIDE Analysis
For each major component, analyze threats:
#### S - Spoofing Identity
- Can attackers impersonate users or services?
- Are authentication mechanisms secure?
#### T - Tampering with Data
- Can attackers modify data in transit or at rest?
- Look for: SQL injection, XSS, mass assignment, missing input validation
#### R - Repudiation
- Can users deny actions they performed?
- Look for: missing audit logs, insufficient logging
#### I - Information Disclosure
- Can attackers access data they shouldn't?
- Look for: IDOR, verbose errors, hardcoded secrets
#### D - Denial of Service
- Can attackers disrupt service availability?
- Look for: missing rate limits, resource exhaustion
#### E - Elevation of Privilege
- Can attackers gain unauthorized access levels?
- Look for: missing authorization checks, role manipulation
### Step 5: Document Vulnerability Patterns
Create a library of code patterns specific to this codebase's tech stack.
### Step 6: Generate Output Files
Create two files:
#### 1. `.factory/threat-model.md`
Comprehensive threat model with:
- System overview with architecture description
- Trust boundaries and security zones
- Attack surface inventory
- Critical assets classification
- STRIDE threat analysis for each component
- Vulnerability pattern library
- Security testing strategy
- Assumptions and accepted risks
- Version changelog
#### 2. `.factory/security-config.json`
```json
{
  "threat_model_version": "1.0.0",
  "last_updated": "<ISO timestamp>",
  "security_team_contacts": [],
  "compliance_requirements": [],
  "scan_frequency": "on_commit",
  "severity_thresholds": {
    "block_merge": ["CRITICAL"],
    "require_review": ["HIGH", "CRITICAL"],
    "notify_security_team": ["CRITICAL"]
  },
  "vulnerability_patterns": {
    "enabled": [
      "sql_injection",
      "xss",
      "command_injection",
      "path_traversal",
      "auth_bypass",
      "idor"
    ]
  }
}
```
## Success Criteria
- [ ] `.factory/threat-model.md` exists with all sections populated
- [ ] `.factory/security-config.json` exists with valid JSON
- [ ] All major components have STRIDE analysis
- [ ] Vulnerability patterns match the tech stack
- [ ] Document is written in natural language (LLM-readable)
- [ ] No placeholder text remains
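One way to check the `.factory/security-config.json` criteria above (valid JSON, no placeholder text) and to read its `severity_thresholds`, as an added example that is not part of the skill's own SKILL.md. The function names, the `LOW`/`MEDIUM` severity levels, and both sample inputs are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime

REQUIRED = ("threat_model_version", "last_updated", "scan_frequency",
            "severity_thresholds", "vulnerability_patterns")
SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}  # assumed scale; the page shows HIGH, CRITICAL
PLACEHOLDER = re.compile(r"^<[^<>]+>$")  # e.g. "<ISO timestamp>" left over from the template

def strings(node):
    """Yield every string value nested anywhere in the parsed JSON."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def validate_config(text):
    """Return a list of problems; an empty list means the config passes."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing key: {k}" for k in REQUIRED if k not in cfg]
    problems += [f"placeholder text remains: {s}" for s in strings(cfg) if PLACEHOLDER.match(s)]
    ts = cfg.get("last_updated")
    if isinstance(ts, str) and not PLACEHOLDER.match(ts):
        try:
            datetime.fromisoformat(ts.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"last_updated is not ISO 8601: {ts}")
    for action, levels in cfg.get("severity_thresholds", {}).items():
        problems += [f"{action}: unknown severity {lv}" for lv in levels if lv not in SEVERITIES]
    if not cfg.get("vulnerability_patterns", {}).get("enabled"):
        problems.append("no vulnerability patterns enabled")
    return problems

def actions_for(cfg, severity):
    """Names of the threshold actions a finding of this severity triggers."""
    return sorted(a for a, lv in cfg["severity_thresholds"].items() if severity in lv)

# Constructed inputs: the template as generated, and a filled-in copy of it.
BASE = {"threat_model_version": "1.0.0", "scan_frequency": "on_commit",
        "severity_thresholds": {"block_merge": ["CRITICAL"], "require_review": ["HIGH", "CRITICAL"],
                                "notify_security_team": ["CRITICAL"]},
        "vulnerability_patterns": {"enabled": ["sql_injection", "idor"]}}
TEMPLATE = json.dumps({**BASE, "last_updated": "<ISO timestamp>"})
FILLED = json.dumps({**BASE, "last_updated": "2024-01-01T00:00:00Z"})
```

Run as a pre-merge check, `validate_config` catches a template that was committed without being filled in, and `actions_for` shows which gates a finding of a given severity triggers.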
## Example Invocations
**Generate initial threat model:**
```
Generate a threat model for this repository.
```
**Update existing threat model:**
```
Update the threat model - we added a new payments service.
```
**Generate with compliance requirements:**
```
Generate a threat model for this repository. We need to comply with SOC2 and GDPR.
```