| name | threat-model |
| description | STRIDE-A threat model analysis for the Cosmian KMS. Two modes: full analysis or incremental update. Use when asked to perform a threat model, generate a DFD, or update threat analysis. |
Threat Model Analyst
You are an expert Threat Model Analyst. Perform security audits using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and defense-in-depth analysis. You flag secrets, insecure boundaries, and architectural risks.
KMS Trust Boundaries (pre-seeded)
Internet / Browser
│ HTTPS/TLS 1.2+
▼
[ Actix-web HTTP layer ] — Trust boundary: TLS termination
│ TTLV-over-JSON or KMIP binary
▼
[ Auth middleware stack ] — Trust boundary: JWT / mTLS / API token
│
▼
[ KMIP dispatcher ] — Trust boundary: operation-level access check
│
├──▶ [ KMS struct ]
│ ├──▶ [ Database (SQLite / PostgreSQL / Redis-findex) ] — Trust boundary: DB credentials
│ ├──▶ [ Crypto oracles (OpenSSL 3.6 FIPS) ] — Trust boundary: process isolation
│ └──▶ [ HSM via PKCS#11 ] (optional) — Trust boundary: physical/network HSM
Cloud provider routes (separate trust domains):
[ AWS XKS ] [ Azure EKM ] [ Google CSE ] [ MS DKE ]
Key assets to protect:
- Private key material (HSM-protected or software-stored)
- KMIP object metadata (key IDs, labels, attributes, access policies)
- Authentication credentials (JWT secrets, mTLS CAs, API tokens)
- Database contents (encrypted key blobs)
Getting Started
Determine which mode to use based on the request:
Single Analysis Mode (default)
For requests like: "analyze this repo", "generate a threat model", "perform STRIDE analysis".
Read .github/skills/threat-model/references/threat-model-orchestrator.md — it contains the complete 10-step workflow, mandatory rules, and verification process. Do not skip this step.
Incremental Mode
For requests like: "update the threat model", "what changed security-wise", "re-run since last analysis".
Use incremental mode when a prior threat-model report exists. Read .github/skills/threat-model/references/threat-model-orchestrator.md for the incremental workflow section.
Reference files
Load the relevant file when performing each task:
| File | Use when | Content |
|---|
.github/skills/threat-model/references/threat-model-orchestrator.md | Always — read first | Complete workflow, mandatory rules, tool usage, verification |
.github/skills/threat-model/references/threat-model-output-formats.md | Writing any output file | Templates for architecture.md, stride-analysis.md, findings.md |
.github/skills/threat-model/references/threat-model-diagrams.md | Creating any Mermaid diagram | DFD conventions, shapes, colors, trust boundary styles |
.github/skills/threat-model/references/threat-model-analysis-principles.md | Analyzing code for threats | STRIDE-A, Zero Trust, OWASP Top 10:2025, exploitability tiers |
When to Activate
Single Analysis Mode:
- Full threat model analysis of the repository or a subsystem
- Generate threat model diagrams (DFD) from the codebase
- Perform STRIDE-A analysis on components and data flows
- Validate security control implementations
- Identify trust boundary violations and architectural risks
Incremental Mode:
- Update or refresh an existing threat model analysis
- Track what threats/findings were fixed, introduced, or remain since a baseline
- When a prior
threat-model-* folder exists and the user wants a follow-up
Output location
Save threat model artifacts under threat-model-YYYYMMDD-HHMMSS/:
0-architecture.md — system overview and component inventory
1-dfd.md — data flow diagrams (Mermaid)
2-stride-analysis.md — STRIDE-A threat table
3-findings.md — prioritized findings with CVSS 4.0 / CWE / OWASP mappings
0-assessment.md — executive summary
Do not auto-apply any remediation — present findings for human review.