Where are the security reports and findings stored?

All assessment outputs, including the main report, threat models, and control matrices, are saved as Markdown files within the .aiwg/security/ directory of your repository.

Does this skill support compliance standards?

Yes, it evaluates your project against the OWASP Top 10 and provides preliminary compliance status for frameworks like SOC 2 and GDPR.

How does the STRIDE threat modeling work?

The skill dispatches a Security Architect agent to analyze your system architecture, identifying threats across Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege categories.

Can I run a scan on a specific component instead of the whole project?

Absolutely. You can trigger targeted assessments using commands like 'Threat model the authentication service' to focus on specific trust boundaries.

Security Assessment

Name: Security Assessment
Author: jmagly

byjmagly

•

Security & Testing

Conducts comprehensive security audits, threat modeling, and vulnerability scanning for autonomous agentic coding projects.

About

The Security Assessment skill automates the identification and mitigation of security risks through an integrated multi-agent workflow. By orchestrating specialized agents for STRIDE threat modeling, OWASP Top 10 vulnerability scanning, and security control validation, it provides developers with a complete risk profile and actionable remediation roadmap. Whether assessing a specific component or a full system architecture, this skill ensures compliance, calculates CVSS scores, and generates detailed markdown reports to maintain a robust security posture throughout the software development lifecycle.

Key Features

Automated OWASP Top 10 pattern scanning for common web and application vulnerabilities.
STRIDE threat modeling to identify architectural vulnerabilities and attack vectors.
Standardized risk scoring using CVSS base metrics with prioritized remediation SLAs.
Security control mapping and implementation validation against project requirements.
67 GitHub stars
Privacy assessment for PII handling, data retention, and GDPR compliance.

Use Cases

Performing a full security review before deploying new features to a production environment.
Generating a targeted threat model for sensitive components like authentication or payment services.
Validating security control effectiveness and identifying coverage gaps in existing infrastructure.

About

Key Features

Automated OWASP Top 10 pattern scanning for common web and application vulnerabilities.
STRIDE threat modeling to identify architectural vulnerabilities and attack vectors.
Standardized risk scoring using CVSS base metrics with prioritized remediation SLAs.
Security control mapping and implementation validation against project requirements.
67 GitHub stars
Privacy assessment for PII handling, data retention, and GDPR compliance.

Use Cases

Performing a full security review before deploying new features to a production environment.
Generating a targeted threat model for sensitive components like authentication or payment services.
Validating security control effectiveness and identifying coverage gaps in existing infrastructure.