Run any Skill in Manus with one click

$pwd:

threat-modeling

Name: Threat Modeling
Author: seb1n

// Conduct structured threat modeling for software systems using established methodologies to identify, prioritize, and mitigate security threats before they are exploited.

Run Skill in Manus

$ git log --oneline --stat

stars:78

forks:15

updated:February 12, 2026 at 17:23

SKILL.md

readonly

package.json

"author": "seb1n"

"repository": "seb1n/awesome-ai-agent-skills"

View GitHub Repository

$ install --globalskills.sh

$ download --local

Run Skill in Manus

[HINT] Download the complete skill directory including SKILL.md and all related files

Run any Skill with one click

name	threat-modeling
description	Conduct structured threat modeling for software systems using established methodologies to identify, prioritize, and mitigate security threats before they are exploited.
license	MIT
metadata	{"author":"awesome-ai-agent-skills","version":"1.0.0"}

Threat Modeling

This skill enables the agent to perform structured threat modeling for software applications, APIs, and infrastructure. The agent analyzes system architecture, data flows, and trust boundaries to systematically identify potential security threats using established methodologies such as STRIDE, DREAD, PASTA, and attack trees. The output is a prioritized threat register with specific, actionable mitigation strategies that development teams can integrate into their backlog.

Workflow

Decompose the System Architecture — Analyze architecture diagrams, code repositories, infrastructure-as-code files, and deployment configurations to identify all components, data stores, external services, and communication channels. Map trust boundaries between networks, services, and user privilege levels. Produce a data flow diagram (DFD) showing how data moves through the system.
Select a Threat Modeling Methodology — Choose the appropriate methodology based on the project's needs. Use STRIDE for systematic enumeration of threat categories per component. Use DREAD for scoring and prioritizing known threats. Use PASTA (Process for Attack Simulation and Threat Analysis) for risk-centric analysis aligned with business objectives. Use attack trees for deep analysis of specific high-value targets like authentication or payment systems.
Enumerate Threats — Apply the selected methodology to each component and data flow in the DFD. For STRIDE, evaluate each element against all six threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Document each threat with a unique identifier, description, affected component, and the trust boundary it crosses.
Assess Risk and Prioritize — Score each threat using DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) or a similar quantitative framework. Combine the score with business context — a threat to the payment service is higher priority than the same threat to an internal admin dashboard. Produce a ranked threat register.
Define Mitigations and Security Controls — For each high and medium priority threat, specify concrete mitigation strategies: architectural changes, code-level fixes, configuration hardening, or operational controls. Map mitigations to security frameworks (NIST 800-53, CIS Controls) where applicable. Estimate implementation effort for each mitigation.
Document and Maintain the Threat Model — Produce a living document that captures the DFD, threat register, risk scores, and mitigation status. Update the threat model whenever the architecture changes, new features are added, or new attack techniques emerge. Integrate threat model reviews into sprint planning and design review processes.

Supported Technologies

Methodologies: STRIDE, DREAD, PASTA, Attack Trees, VAST (Visual Agile Simple Threat modeling)
Diagramming: Data Flow Diagrams (DFD), Mermaid, draw.io, Microsoft Threat Modeling Tool
Architecture Types: Monoliths, microservices, serverless, event-driven, mobile backends, IoT systems
Infrastructure: AWS, GCP, Azure, Kubernetes, on-premises hybrid environments
Standards Mapping: OWASP Top 10, MITRE ATT&CK, NIST 800-53, CIS Controls

Usage

Provide the agent with access to architecture documentation, source code, infrastructure-as-code files, or a description of the system. Specify the desired methodology and any compliance standards to map against. The agent will produce a complete threat model with a prioritized threat register and mitigation plan.

Prompt example:

Perform a STRIDE threat model on our microservices architecture. The services are defined in /infra/docker-compose.yml and the source code is in /services/. Focus on the API gateway, authentication service, and payment service. Map findings to OWASP Top 10.

Examples

Example 1: STRIDE Analysis for a Microservices E-Commerce Platform

System Components: API Gateway, Auth Service, Product Service, Payment Service, PostgreSQL database, Redis cache, RabbitMQ message broker.

STRIDE Threat Table:

ID	Component	STRIDE Category	Threat Description	Risk	OWASP	Mitigation
T-01	API Gateway	Spoofing	Attacker forges JWT tokens to impersonate users	High	A07:2021	Validate JWT signatures using RS256 with key rotation; reject HS256 tokens
T-02	API Gateway	Denial of Service	Volumetric attack overwhelms the gateway, blocking legitimate traffic	High	—	Implement rate limiting per client IP and API key; deploy behind a CDN with DDoS protection
T-03	Auth Service	Spoofing	Credential stuffing using leaked username/password databases	High	A07:2021	Enforce MFA, implement rate limiting on `/login`, integrate breach-detection APIs (HaveIBeenPwned)
T-04	Auth Service	Repudiation	User denies performing a sensitive action (e.g., changing email)	Medium	A09:2021	Log all authentication events and account changes to an immutable audit log with timestamps and source IP
T-05	Payment Service	Tampering	Attacker modifies order total in transit between Product Service and Payment Service	Critical	A04:2021	Sign inter-service messages with HMAC; Payment Service re-fetches price from database instead of trusting the request payload
T-06	Payment Service	Information Disclosure	Credit card numbers logged in plaintext to application logs	Critical	A02:2021	Mask PAN data in all logs; use a PCI-compliant tokenization service; restrict log access
T-07	PostgreSQL	Tampering	SQL injection via Product Service search endpoint alters database records	High	A03:2021	Use parameterized queries exclusively; apply least-privilege database roles per service
T-08	RabbitMQ	Information Disclosure	Messages in transit between services are readable by network attackers	Medium	A02:2021	Enable TLS for all RabbitMQ connections; encrypt sensitive message payloads at the application layer
T-09	Redis Cache	Elevation of Privilege	Unauthenticated Redis instance allows any service to read/write session data	High	A01:2021	Enable Redis AUTH with a strong password; bind to private network interface only; use ACLs to restrict key access per service

Example 2: Attack Tree for an Authentication System

Root Goal: Gain unauthorized access to a user account.

Gain Unauthorized Access to User Account
├── 1. Steal Valid Credentials
│   ├── 1.1 Phishing attack targeting user email [Likelihood: High]
│   ├── 1.2 Credential stuffing from breached databases [Likelihood: High]
│   └── 1.3 Keylogger malware on user device [Likelihood: Medium]
├── 2. Bypass Authentication
│   ├── 2.1 Exploit password reset flow
│   │   ├── 2.1.1 Predictable reset token (insufficient entropy) [Likelihood: Medium]
│   │   └── 2.1.2 Reset link does not expire [Likelihood: Low]
│   ├── 2.2 Session hijacking
│   │   ├── 2.2.1 Steal session cookie via XSS [Likelihood: Medium]
│   │   └── 2.2.2 Session fixation attack [Likelihood: Low]
│   └── 2.3 Forge or tamper with JWT
│       ├── 2.3.1 Algorithm confusion attack (HS256 vs RS256) [Likelihood: Medium]
│       └── 2.3.2 Weak signing secret (brute-forceable) [Likelihood: Medium]
├── 3. Exploit Authorization Flaws
│   ├── 3.1 IDOR — access another user's resources by changing user ID in URL [Likelihood: High]
│   └── 3.2 Privilege escalation — modify role claim in JWT payload [Likelihood: Medium]
└── 4. Compromise the Auth Service Directly
    ├── 4.1 SQL injection in login endpoint [Likelihood: Medium]
    └── 4.2 Exploit unpatched dependency in auth service [Likelihood: Medium]

Mitigations derived from the attack tree:

Attack Path	Mitigation	Priority
1.2 Credential stuffing	Rate limit login to 5 attempts per minute per IP; integrate HaveIBeenPwned API; require MFA	Critical
2.1.1 Predictable reset token	Generate tokens with 256-bit cryptographic randomness; expire after 15 minutes	High
2.3.1 Algorithm confusion	Explicitly set `algorithms: ["RS256"]` in JWT verification; reject tokens with `alg: none` or `HS256`	High
3.1 IDOR	Enforce server-side ownership checks on every resource access; never rely on client-supplied user IDs	High
4.1 SQL injection	Use parameterized queries; deploy a WAF rule for SQL injection patterns on the login endpoint	High

Best Practices

Threat model early in the design phase — identifying threats before code is written is dramatically cheaper than discovering them in production. Include threat modeling as a gate in the design review process.
Keep the model a living document — a threat model created once and never updated is worse than useless because it creates a false sense of security. Review and update it with every major architectural change or new feature.
Involve cross-functional stakeholders — developers understand the code, ops understands the deployment, and product understands the business impact. Effective threat modeling requires input from all three perspectives.
Focus on trust boundaries — the most exploitable vulnerabilities occur where data crosses trust boundaries: between the user and the application, between services, between the application and the database. Prioritize threats at these junctions.
Use threat modeling to drive backlog items — every mitigation identified should become a trackable work item with an owner and a deadline. Threat models that do not produce actionable backlog items have failed.
Validate threats with testing — after identifying a threat, write a corresponding security test (penetration test, integration test, or DAST rule) that verifies the mitigation is effective.

Edge Cases

Microservices with shared databases — when multiple services read and write to the same database, trust boundaries are blurred. A vulnerability in one service can compromise data that "belongs" to another service. Model each service's database access as a separate trust boundary and enforce schema-level isolation.
Third-party API integrations — external APIs (payment processors, identity providers, analytics) introduce threats outside your control. Model the integration as an untrusted data source, validate all responses, and plan for API outages or data integrity failures.
Event-driven architectures — in systems with message queues and event buses, threats include message injection, replay attacks, and out-of-order processing. Model the message broker as a component with its own trust boundary and ensure message authentication and idempotent processing.
Multi-tenant SaaS platforms — threats unique to multi-tenancy include cross-tenant data leakage, noisy-neighbor denial of service, and tenant impersonation. Model tenant isolation at the network, application, and data layers separately.
Rapidly evolving systems with frequent deploys — if the architecture changes weekly, a quarterly threat model review is insufficient. Integrate lightweight threat assessments into the PR review process for changes that modify trust boundaries, add new data flows, or introduce new external integrations.

name	threat-modeling
description	Conduct structured threat modeling for software systems using established methodologies to identify, prioritize, and mitigate security threats before they are exploited.
license	MIT
metadata	{"author":"awesome-ai-agent-skills","version":"1.0.0"}