en un clic
remove
Remove elements from a threat model with dependency checking
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Menu
Remove elements from a threat model with dependency checking
Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.
Basé sur la classification professionnelle SOC
| name | remove |
| description | Remove elements from a threat model with dependency checking |
| agent | threat-modeler |
| argument-hint | [element reference] |
Remove elements from a Dethernety threat model with dependency checking.
Use the Model Resolution Protocol to identify the target model. Read current model files from disk (structure.json, dataflows.json, data-items.json).
From $ARGUMENTS or conversation, identify the element to remove. Match by name (case-insensitive) or by ID.
If ambiguous (e.g., multiple components named "API Server"), list all matches and ask the user to specify:
Found 2 matches for "API Server":
1. [PROCESS] API Server — in DMZ boundary
2. [PROCESS] API Server — in Internal Network boundary
Which one? (1 or 2)
Before removal, scan for elements that depend on the target:
Component dependencies:
attributes/components/<id>.jsonBoundary dependencies:
Data flow dependencies:
attributes/dataFlows/<id>.jsonData item dependencies:
attributes/dataItems/<id>.jsonCrown-jewel pre-check. Before drafting the dependency table, check whether the element is tagged as a crown jewel. For a component, that is crownJewel === true on the component in structure.json. For a non-component element (data flow / data item / boundary), it is crown_jewel === true in its attribute bag (attributes/<kind>/<id>.json, top-level or nested attributes.crown_jewel — a local-only mark). If tagged, elevate the prompt:
Removing [STORE] "Customer DB" — this element is tagged as a CROWN JEWEL.
Removing it from the model means the threat-modeling output will no
longer treat it as a security-critical asset. Confirm only if the asset
has genuinely been retired or relocated, not because it became
inconvenient to model.
Proceed? (yes / no)
If the user declines on the crown-jewel prompt, stop without showing dependencies — the safety prompt is the gate. If the user accepts (or the element is untagged), continue with the dependency table below. The dependency-removal cascade still applies for tagged elements once the crown-jewel prompt is accepted.
If dependencies exist, show them before proceeding:
Removing [PROCESS] "API Server" will also affect:
Data flows (will be removed):
- "Client → API Server" (HTTP requests)
- "API Server → Database" (SQL queries)
- "API Server → Redis" (Cache lookups)
Data items (orphaned — flows removed):
- "User Credentials" on "Client → API Server"
Attribute files (will be deleted):
- attributes/components/abc123.json
Proceed? (yes / no / remove component only)
If no dependencies exist, confirm with a simpler prompt:
Remove [STORE] "Redis Cache" from Data Tier? (yes / no)
Remove from the appropriate model file:
structure.json for components and boundariesdataflows.json for data flowsdata-items.json for data itemsDelete associated attribute files from the attributes/ directory.
If removing a boundary, relocate orphaned child components to the parent boundary (don't delete them silently).
If the model is at ENRICHING or later state, a structural change triggers backward transition:
currentState to STRUCTURE_COMPLETE in .dethereal/state.json.dethereal/quality.json (forces recomputation)model_signed_off from state.json if presentstaleElements[] if present. If dependent elements were modified (e.g., orphaned flows reconnected, child components relocated), add those modified element IDs to staleElements[]Call mcp__plugin_dethereal_dethereal__validate_model_json to check structural validity after removal.
[done] Removed [PROCESS] "API Server" and 3 dependent data flows. Quality: X/100.
[next] /dethereal:view (review updated model) or /dethereal:add (add replacements)
Assign classes to unclassified components, boundaries, data flows, and data items
Auto-discover infrastructure components from codebase using the infrastructure-scout agent
Guided end-to-end threat modeling workflow — scope through validation and sync
Populate security attributes, MITRE ATT&CK references, credentials, and monitoring tools
Quality dashboard with score breakdown, gap analysis, and readiness assessment
Attack surface summary with component breakdown, trust boundary crossings, and control gap analysis