What threat modeling frameworks does this skill use?

The skill primarily utilizes the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to categorize threats and derive requirements.

Can I export these requirements to my project management tool?

Yes, the skill generates requirements in standardized Markdown and User Story formats, making it easy to copy into tools like Jira, GitHub Issues, or ADO.

How does this help with security testing?

The skill automatically generates test specifications and acceptance criteria for every requirement, providing a clear roadmap for security verification and QA.

Does it support compliance mapping?

Yes, the templates include fields for mapping requirements to major frameworks such as PCI-DSS, HIPAA, GDPR, SOC2, and NIST CSF.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: gwickman

bygwickman

0•

Security & Testing

Transforms abstract threat models into actionable security requirements, user stories, and test specifications.

Security Requirement Extraction is a specialized skill designed to bridge the gap between high-level threat analysis and technical implementation. By leveraging the STRIDE framework, it maps identified threats to specific security domains like authentication, cryptography, and input validation. This skill automates the creation of structured security requirements, generating developer-ready user stories, clear acceptance criteria, and comprehensive test cases. It is an essential tool for DevSecOps workflows, ensuring that security is baked into the development lifecycle through traceability and compliance mapping.

Key Features

01Requirement traceability matrix for threats and compliance

02Multi-domain support including AuthN, AuthZ, and Data Protection

03Comprehensive security test specification templates

04STRIDE-based threat-to-requirement mapping logic

05Automated security user story and acceptance criteria generation

060 GitHub stars

Use Cases

01Converting STRIDE threat models into a prioritized development backlog

02Mapping technical controls to compliance frameworks like GDPR or PCI-DSS

03Generating security-focused test cases for automated QA pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add gwickman/auto-dev-test-target-1 security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill