How does it handle risk prioritization?

It calculates priority by evaluating the impact and likelihood of identified threats to assign levels ranging from Low to Critical.

Does it help with compliance frameworks?

Yes, it includes mappings and reference fields for common frameworks like PCI DSS, HIPAA, GDPR, SOC2, and NIST CSF.

What threat modeling framework does this skill support?

It primarily supports the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) for mapping threats to requirements.

Can I export requirements to my project documentation?

Yes, the skill includes features to export requirements as formatted Markdown, including user stories and test specifications.

Security Requirement Extractor

Name: Security Requirement Extractor
Author: Tahir-yamin

byTahir-yamin

•

Seguridad y Pruebas

Translates threat models and business context into actionable security requirements, user stories, and test cases.

Acerca de

This skill automates the process of converting complex threat analysis into practical, implementable security specifications. It utilizes the STRIDE framework to map threats to specific security domains like authentication, data protection, and audit logging. By providing structured templates and automated extraction logic, it helps development teams build security into the software lifecycle early, ensuring every identified risk has a corresponding, testable requirement and a clear path to verification.

Características Principales

Structured risk prioritization based on impact and likelihood
3 GitHub stars
STRIDE-based threat-to-requirement mapping
Traceability matrix generation for threat-to-requirement auditing
Exportable markdown documentation for security architecture
Automated generation of security user stories and acceptance criteria

Casos de Uso

Mapping business data protection goals to technical implementation requirements
Creating automated security test specifications for compliance audits
Converting a STRIDE threat model into a backlog of security user stories

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tahir-yamin/dev-engineering-playbook security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill

GitHub