What threat modeling frameworks does this skill support?

The skill is specifically optimized for the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) but can be adapted for other modeling methodologies.

Can I export these requirements to project management tools?

Yes, the skill generates requirements in standardized Markdown and user story formats that are easily imported into tools like Jira, GitHub Issues, or Azure DevOps.

How does this skill help with regulatory compliance?

It includes built-in enums and mapping logic for major frameworks like GDPR, HIPAA, PCI DSS, and SOC2, allowing you to tag requirements with specific compliance references.

Does it provide test cases for the requirements?

Absolutely. For every requirement extracted, the skill can generate a test specification including test cases and acceptance criteria verification steps.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: EngineerWithAI

byEngineerWithAI

Seguridad y Pruebas

Transforms threat models and business context into actionable security requirements and testable user stories.

Acerca de

This skill bridges the gap between high-level threat analysis and technical implementation by automatically deriving specific security requirements from identified threats. It categorizes requirements into functional, non-functional, and constraint types while providing structured templates for building comprehensive security requirement sets. By mapping STRIDE categories to technical controls, it ensures that security is baked into the development lifecycle through clear acceptance criteria, priority levels, and traceable test cases suitable for security-conscious engineering teams.

Características Principales

Creates comprehensive test specifications for security verification
Produces traceability matrices linking requirements back to specific threats
0 GitHub stars
Automated threat-to-requirement mapping based on STRIDE categories
Supports compliance mapping for frameworks like PCI DSS, HIPAA, and GDPR
Generates security-focused user stories with detailed acceptance criteria

Casos de Uso

Generating a security traceability matrix for compliance and architectural audits
Converting a STRIDE threat model into a developer backlog of security user stories
Building a suite of security test cases based on derived technical requirements

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add engineerwithai/engineerwith-agents security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill

GitHub