What kind of output does it generate?

It generates structured Markdown reports, security user stories, and Python-based requirement models that include priority, rationale, and acceptance criteria.

What is security requirement extraction?

It is the process of analyzing business needs and potential threats to derive specific technical and functional requirements that ensure a system's security.

Can I use this for compliance audits?

Absolutely. It helps document the traceability between threats, compliance frameworks like SOC2 or GDPR, and the specific controls implemented in the code.

Does this skill support the STRIDE framework?

Yes, it includes specialized logic to map Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege to technical requirements.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: 3commas-io

by3commas-io

0•

Security & Testing

Transforms threat models and business context into actionable security requirements, user stories, and test cases.

This skill bridges the gap between high-level security analysis and technical implementation by deriving structured security requirements from threat models and business context. By mapping threats to specific security domains like authentication, data protection, and logging, it enables developers and security engineers to generate traceable, testable user stories and acceptance criteria. It is particularly useful for ensuring compliance, building security architecture documentation, and automating the creation of security-focused test specifications within the development lifecycle.

Key Features

010 GitHub stars

02Traceability matrix creation for threat mitigation

03STRIDE-based threat to requirement mapping

04Standardized security requirement modeling

05Automated security user story generation

06Verification and test case specification generation

Use Cases

01Converting a STRIDE threat model into a developer-ready backlog of security stories

02Creating security test specifications for automated vulnerability scanning and manual audits

03Generating security acceptance criteria for feature-level compliance requirements

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add 3commas-io/commas-claude security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill