Does this skill generate formal security reports?

Yes, it generates detailed markdown reports including executive summaries, CVSS scores, risk levels, and prioritized remediation roadmaps stored in your project's .aiwg/security/ directory.

How does the skill handle data privacy concerns?

If PII (Personally Identifiable Information) is detected, the skill dispatches a specialized Privacy Officer agent to check data handling, consent mechanisms, and cross-border transfer compliance.

What methodologies does the Security Assessment skill use?

The skill primarily utilizes the STRIDE methodology for threat modeling (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) and scans codebases against the OWASP Top 10 vulnerability list.

Can I run an assessment on a single component?

Absolutely. You can trigger targeted assessments for specific services, components, or trust boundaries to focus the AI's analysis on a specific area of concern.

Security Assessment

Name: Security Assessment
Author: jmagly

byjmagly

•

Security & Testing

Conducts automated threat modeling, vulnerability scanning, and security control validation to protect software assets.

The Security Assessment skill provides an automated framework for evaluating software security through comprehensive STRIDE threat modeling and OWASP Top 10 vulnerability scanning. It orchestrates specialized agents—including a Security Architect and Auditor—to identify attack vectors, validate existing controls, and generate risk-ranked reports with CVSS scoring. This skill is essential for developers looking to integrate security-by-design principles into their autonomous coding workflows, ensuring that vulnerabilities are identified and remediated before production deployment.

Key Features

01Comprehensive security control validation and gap analysis

02Detailed reporting with CVSS risk scoring and remediation roadmaps

03Deep scanning for OWASP Top 10 vulnerabilities and secrets exposure

04Privacy impact assessments for PII data handling

0567 GitHub stars

06Automated STRIDE threat modeling and data flow analysis

Use Cases

01Threat modeling specific microservices or authentication flows during development

02Performing a full system security audit before a major production release

03Validating compliance with security frameworks like SOC 2 or GDPR

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jmagly/ai-writing-guide security-assessment

For use in Claude.ai and ChatGPT

Download Skill