Can I use this for compliance audits?

Yes, the skill includes templates for mapping requirements to major frameworks like SOC2, HIPAA, GDPR, and PCI DSS, making it easier to generate audit-ready documentation.

How does this skill translate threats into requirements?

It uses the STRIDE methodology to categorize threats and then applies predefined patterns to suggest specific security domains, such as authentication or data protection, that need addressed.

Do I need to be a security expert to use this?

While security knowledge is helpful, the skill provides a guided framework and templates that help developers identify and document necessary security controls without being experts.

What output formats does the skill support?

It generates structured Markdown for project documentation, Python-based data models for programmatic integration, and standard User Story formats for Jira or GitHub issues.

Security Requirement Extractor

Name: Security Requirement Extractor
Author: GaitanS

byGaitanS

セキュリティとテスト

Transforms threat models and business context into actionable, testable security requirements and structured user stories.

概要

This skill bridges the gap between high-level threat analysis and technical implementation by automatically deriving structured security requirements from threat models. By leveraging methodologies like STRIDE, it maps potential vulnerabilities to specific functional and non-functional requirements, generating traceable security user stories, acceptance criteria, and test specifications. It is an essential tool for security engineers and developers aiming to implement security-by-design, ensuring that every identified threat is met with a documented, verifiable technical control or business requirement.

主な機能

STRIDE-based threat-to-requirement mapping
Automated security user story and acceptance criteria generation
Compliance framework mapping for GDPR, HIPAA, and PCI DSS
Test specification generation for security verification
0 GitHub stars
Traceability matrix creation for threat-requirement linking

ユースケース

Converting a STRIDE threat model into a development backlog of security tasks
Creating automated security test cases based on derived requirements
Mapping technical security controls to regulatory compliance standards

概要

主な機能

STRIDE-based threat-to-requirement mapping
Automated security user story and acceptance criteria generation
Compliance framework mapping for GDPR, HIPAA, and PCI DSS
Test specification generation for security verification
0 GitHub stars
Traceability matrix creation for threat-requirement linking

ユースケース

Converting a STRIDE threat model into a development backlog of security tasks
Creating automated security test cases based on derived requirements
Mapping technical security controls to regulatory compliance standards