بنقرة واحدة
remove
Remove elements from a threat model with dependency checking
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Remove elements from a threat model with dependency checking
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Assign classes to unclassified components, boundaries, data flows, and data items
Auto-discover infrastructure components from codebase using the infrastructure-scout agent
Guided end-to-end threat modeling workflow — scope through validation and sync
Populate security attributes, MITRE ATT&CK references, credentials, and monitoring tools
Quality dashboard with score breakdown, gap analysis, and readiness assessment
Attack surface summary with component breakdown, trust boundary crossings, and control gap analysis
| name | remove |
| description | Remove elements from a threat model with dependency checking |
| agent | threat-modeler |
| argument-hint | [element reference] |
Remove elements from a Dethernety threat model with dependency checking.
Use the Model Resolution Protocol to identify the target model. Read current model files from disk (structure.json, dataflows.json, data-items.json).
From $ARGUMENTS or conversation, identify the element to remove. Match by name (case-insensitive) or by ID.
If ambiguous (e.g., multiple components named "API Server"), list all matches and ask the user to specify:
Found 2 matches for "API Server":
1. [PROCESS] API Server — in DMZ boundary
2. [PROCESS] API Server — in Internal Network boundary
Which one? (1 or 2)
Before removal, scan for elements that depend on the target:
Component dependencies:
attributes/components/<id>.jsonBoundary dependencies:
Data flow dependencies:
attributes/dataFlows/<id>.jsonData item dependencies:
attributes/dataItems/<id>.jsonCrown-jewel pre-check. Before drafting the dependency table, check whether the element is tagged as a crown jewel. For a component, that is crownJewel === true on the component in structure.json. For a non-component element (data flow / data item / boundary), it is crown_jewel === true in its attribute bag (attributes/<kind>/<id>.json, top-level or nested attributes.crown_jewel — a local-only mark). If tagged, elevate the prompt:
Removing [STORE] "Customer DB" — this element is tagged as a CROWN JEWEL.
Removing it from the model means the threat-modeling output will no
longer treat it as a security-critical asset. Confirm only if the asset
has genuinely been retired or relocated, not because it became
inconvenient to model.
Proceed? (yes / no)
If the user declines on the crown-jewel prompt, stop without showing dependencies — the safety prompt is the gate. If the user accepts (or the element is untagged), continue with the dependency table below. The dependency-removal cascade still applies for tagged elements once the crown-jewel prompt is accepted.
If dependencies exist, show them before proceeding:
Removing [PROCESS] "API Server" will also affect:
Data flows (will be removed):
- "Client → API Server" (HTTP requests)
- "API Server → Database" (SQL queries)
- "API Server → Redis" (Cache lookups)
Data items (orphaned — flows removed):
- "User Credentials" on "Client → API Server"
Attribute files (will be deleted):
- attributes/components/abc123.json
Proceed? (yes / no / remove component only)
If no dependencies exist, confirm with a simpler prompt:
Remove [STORE] "Redis Cache" from Data Tier? (yes / no)
Remove from the appropriate model file:
structure.json for components and boundariesdataflows.json for data flowsdata-items.json for data itemsDelete associated attribute files from the attributes/ directory.
If removing a boundary, relocate orphaned child components to the parent boundary (don't delete them silently).
If the model is at ENRICHING or later state, a structural change triggers backward transition:
currentState to STRUCTURE_COMPLETE in .dethereal/state.json.dethereal/quality.json (forces recomputation)model_signed_off from state.json if presentstaleElements[] if present. If dependent elements were modified (e.g., orphaned flows reconnected, child components relocated), add those modified element IDs to staleElements[]Call mcp__plugin_dethereal_dethereal__validate_model_json to check structural validity after removal.
[done] Removed [PROCESS] "API Server" and 3 dependent data flows. Quality: X/100.
[next] /dethereal:view (review updated model) or /dethereal:add (add replacements)