Where are the security reports and findings stored?

All assessment outputs, including the main report, threat models, and control matrices, are saved as Markdown files within the .aiwg/security/ directory of your repository.

Does this skill support compliance standards?

Yes, it evaluates your project against the OWASP Top 10 and provides preliminary compliance status for frameworks like SOC 2 and GDPR.

How does the STRIDE threat modeling work?

The skill dispatches a Security Architect agent to analyze your system architecture, identifying threats across Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege categories.

Can I run a scan on a specific component instead of the whole project?

Absolutely. You can trigger targeted assessments using commands like 'Threat model the authentication service' to focus on specific trust boundaries.

Security Assessment

Name: Security Assessment
Author: jmagly

byjmagly

•

Seguridad y Pruebas

Conducts comprehensive security audits, threat modeling, and vulnerability scanning for autonomous agentic coding projects.

The Security Assessment skill automates the identification and mitigation of security risks through an integrated multi-agent workflow. By orchestrating specialized agents for STRIDE threat modeling, OWASP Top 10 vulnerability scanning, and security control validation, it provides developers with a complete risk profile and actionable remediation roadmap. Whether assessing a specific component or a full system architecture, this skill ensures compliance, calculates CVSS scores, and generates detailed markdown reports to maintain a robust security posture throughout the software development lifecycle.

Características Principales

01Automated OWASP Top 10 pattern scanning for common web and application vulnerabilities.

02STRIDE threat modeling to identify architectural vulnerabilities and attack vectors.

03Standardized risk scoring using CVSS base metrics with prioritized remediation SLAs.

04Security control mapping and implementation validation against project requirements.

0567 GitHub stars

06Privacy assessment for PII handling, data retention, and GDPR compliance.

Casos de Uso

01Performing a full security review before deploying new features to a production environment.

02Generating a targeted threat model for sensitive components like authentication or payment services.

03Validating security control effectiveness and identifying coverage gaps in existing infrastructure.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jmagly/ai-writing-guide security-assessment

For use in Claude.ai and ChatGPT

Download Skill