Establishes structured threat models and trust boundaries before security audits to ensure prioritized, context-aware vulnerability analysis.
The Threat Model skill ensures that security audits move beyond generic pattern matching by forcing a structured analysis of a system's architecture, trust boundaries, and attacker profiles before any code analysis begins. By identifying critical 'crown jewels' and calibrating impact severity to the specific deployment context, it transforms noisy security reports into prioritized, actionable insights. This skill is essential for engineers and security researchers who need to validate reachability, eliminate false positives, and focus on vulnerabilities that pose a genuine threat to the system's integrity.
주요 기능
01Attacker profile and motivation modeling
021 GitHub stars
03System-specific 'crown jewel' identification
04Attack surface prioritization framework
05Step-by-step trust boundary mapping
06Contextual impact severity calibration
사용 사례
01Filtering generic security scan results to identify high-impact risks
02Defining the security scope for a new software project or microservice
03Modeling insider and supply chain threats during a system architecture review
