What threat modeling frameworks does this skill support?

The skill includes built-in logic for the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) but can be extended for other methodologies.

How does it help with regulatory compliance?

It allows you to tag requirements with specific compliance references such as SOC2, GDPR, or ISO 27001, automatically generating a traceability matrix between threats and required controls.

Is this skill meant for security professionals only?

While useful for security experts, it is specifically designed to help developers and product owners translate security risks into actionable engineering tasks without needing deep security expertise.

Can I export these requirements to project documentation?

Yes, the skill provides templates to export requirements as structured Markdown, making it easy to include them in architecture documents, READMEs, or pull request descriptions.

Security Requirement Extractor

Name: Security Requirement Extractor
Author: nguyendinhquocx

bynguyendinhquocx

보안 및 테스팅

Transforms threat models and business logic into actionable security requirements, user stories, and test specifications.

소개

This skill bridges the gap between high-level threat analysis and low-level technical implementation by programmatically deriving security requirements. It allows developers and security engineers to convert STRIDE-based threats or business risks into structured data models, complete with acceptance criteria, priority levels, and compliance mapping for frameworks like GDPR or SOC2. By automating the generation of security-focused user stories and test cases, it ensures that security is integrated into the development lifecycle from the start, improving traceability and reducing the risk of overlooked vulnerabilities.

주요 기능

Automated extraction of security requirements from STRIDE threat categories
Standardized templates for security user stories and acceptance criteria
Traceability mapping between threats, requirements, and compliance frameworks
Generation of verifiable security test cases and verification scripts
Support for functional, non-functional, and constraint-based security requirements
0 GitHub stars

사용 사례

Converting a STRIDE threat model into a backlog of security-focused development tasks
Generating security acceptance criteria during the feature design phase
Mapping technical security controls to compliance frameworks like PCI-DSS or HIPAA

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nguyendinhquocx/code-ai security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개