| name | threat-modelling |
| description | Analyse repositories and deployed cloud infrastructure to produce STRIDE-based threat model documents with Mermaid architecture diagrams, prioritised threats, and recommendations. Use when a user asks to create a threat model, identify threats, assess attack surfaces, review an existing threat model, or update a threat model after system changes. |
| license | MIT |
| allowed-tools | Bash |
Threat Modelling
Overview
This skill produces threat model documents by analysing codebases, infrastructure-as-code, and live cloud resources. It follows the STRIDE framework and the Microsoft Threat Modeling Fundamentals four-phase approach: Design, Break, Fix (recommendations only), and Verify.
This skill produces threat models. It does NOT implement fixes or perform penetration testing.
Capabilities
| Capability | Action | Description |
|---|
| Analyse Repository | actions/analyse-repository.md | Scan codebase and IaC to map architecture and confirm a data flow diagram |
| Assess Infrastructure | actions/assess-infrastructure.md | Query live cloud resources via MCP servers to map architecture and confirm a data flow diagram |
| Generate Threat Model | actions/generate-threat-model.md | Apply STRIDE to a confirmed diagram, produce threat model diagram and document |
| Review Threat Model | actions/review-threat-model.md | Evaluate an existing threat model for completeness and accuracy |
| Update Threat Model | actions/update-threat-model.md | Revise an existing threat model based on system changes |
Standards
| Standard | File | Description |
|---|
| STRIDE Framework | standards/stride-framework.md | STRIDE threat categories and identification guidance |
| Document Template | standards/document-template.md | Threat model document structure and Mermaid diagram format |
| Checklist | standards/checklist.md | Consolidated compliance and quality checklist |
Principles
1. Analyse, Never Fix
This skill identifies and documents threats. It recommends mitigations but never implements fixes itself. The output is a document, not a code change.
2. Confirm Before Proceeding
Always confirm the architecture diagram with the user before identifying threats. After threat identification, work with the user to prioritise, resolve, or remove items from the model.
3. Follow STRIDE Systematically
Apply all six STRIDE categories to every component and data flow. Do not skip categories — document "No threats identified" where appropriate rather than omitting the analysis.
4. Cloud-Agnostic
When assessing deployed infrastructure, detect available MCP servers or ask the user which cloud provider to query. Do not assume a specific cloud platform.
5. Prioritise by Risk
All identified threats must be prioritised. Use a consistent risk-rating approach combining likelihood and impact so the user can focus on what matters most.
Scope Boundaries
| In Scope | Out of Scope |
|---|
| Repository and IaC analysis | Implementing security fixes |
| Live cloud infrastructure assessment via MCP | Penetration testing |
| STRIDE-based threat identification | Security patching |
| Architecture diagrams (Mermaid) | Code vulnerability scanning |
| Threat prioritisation with user | Automated remediation |
| Mitigation recommendations | Compliance auditing |
| Reviewing existing threat models | |
| Updating existing threat models | |
Usage
- Load this skill manifest
- Identify the required capability (analyse, assess, review, or update)
- Load the bundled standards from
standards/
- Execute the action following
actions/<capability>.md
References
