| name | tachi-shared |
| description | Shared reference files consumed by multiple tachi agents. Contains canonical definitions for severity bands, STRIDE+AI categories, and finding format that serve as the single source of truth across the pipeline. Agents Read individual reference files on-demand rather than maintaining inline copies. |
Tachi Shared References
Cross-cutting domain knowledge consumed by multiple tachi agents. These reference files are the canonical source of truth for definitions that appear across the pipeline -- severity bands, STRIDE+AI threat categories, and finding format conventions. Individual agents load specific references on-demand using the Read tool rather than duplicating definitions inline.
Domain Coverage
This skill contains four shared reference files:
-
Severity Bands -- Composite score thresholds, severity band boundaries, color codes, SLA mappings, disposition defaults, and review date calculations. Used everywhere severity classification drives decisions.
-
STRIDE+AI Categories -- All 11 threat categories (6 STRIDE + 5 AI) with descriptions, ID prefixes, OWASP references, and the DFD element-to-category applicability matrix that determines which categories apply to which component types.
-
Finding Format -- The finding intermediate representation (IR) specification: required fields, optional fields, ID format conventions, validation rules, and table output format. Defines the contract between threat agents (producers) and downstream consumers.
-
MAESTRO Layers -- CSA MAESTRO seven-layer taxonomy definitions for agentic AI architectures: layer identifiers (L1-L7), descriptions, keyword-to-layer mappings, and the classification algorithm (first-match-wins, "Unclassified" default). Used during Phase 1 to classify components by architectural layer.
Loading Table
| Reference File | Consumers | Load When |
|---|
references/severity-bands-shared.md | orchestrator, risk-scorer, control-analyzer, threat-report, threat-infographic, report-assembler | When severity classification, SLA computation, governance field derivation, or severity-based formatting is needed |
references/stride-categories-shared.md | orchestrator, spoofing, tampering, repudiation, info-disclosure, denial-of-service, privilege-escalation, prompt-injection, data-poisoning, model-theft, agent-autonomy, tool-abuse | When category definitions, DFD applicability rules, or category-to-agent mapping is needed |
references/finding-format-shared.md | orchestrator, spoofing, tampering, repudiation, info-disclosure, denial-of-service, privilege-escalation, prompt-injection, data-poisoning, model-theft, agent-autonomy, tool-abuse, risk-scorer | When producing or consuming finding records, validating finding structure, or assembling output tables |
references/maestro-layers-shared.md | orchestrator, risk-scorer, control-analyzer, threat-report | When classifying components by MAESTRO layer (Phase 1), propagating layer tags through findings, or including layer metadata in output |
Loading Mechanism
Agents use the Read tool to load individual reference files on-demand at the workflow phase where the content is needed. Each reference file is self-contained and can be loaded independently. Content is evictable from context after the relevant phase completes.
# Example loading instruction in an agent body:
Read `.claude/skills/tachi-shared/references/severity-bands-shared.md`
when entering severity classification or governance field generation.
