How does this skill use threat models?

The skill maps STRIDE categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) to specific technical controls and security domains to ensure every threat is mitigated.

Does it generate test cases automatically?

Yes, for every security requirement extracted, the skill generates corresponding test specifications and acceptance criteria to ensure the requirement is verifiable.

Is this skill compatible with Agile workflows?

Absolutely. It can format security requirements as standard user stories, complete with 'As a...', 'I need to...', and 'So that...' structures for easy inclusion in your sprint backlog.

Can I use this for compliance audits?

Yes, it includes built-in mappings for major frameworks like GDPR, HIPAA, SOC2, and PCI DSS, making it easier to document how your requirements meet specific regulatory standards.

Security Requirement Extractor

Name: Security Requirement Extractor
Author: sla-te

bysla-te

0•

Security & Testing

Generates actionable security requirements, user stories, and test cases directly from threat models and business context.

This skill bridges the gap between high-level threat analysis and technical implementation by transforming abstract security concerns into structured, developer-ready requirements. By leveraging industry-standard frameworks like STRIDE and mapping them to various compliance standards such as GDPR, HIPAA, and PCI DSS, it automates the creation of security user stories, acceptance criteria, and traceability matrices. It is an essential tool for security architects and developers who need to ensure that robust protection measures and verification steps are integrated into the software development lifecycle from the earliest stages.

Key Features

01Support for major regulatory standards including PCI DSS, HIPAA, and GDPR

02Creation of comprehensive security test specifications and verification steps

03Generation of security-focused user stories with detailed acceptance criteria

040 GitHub stars

05Traceability matrix generation linking requirements to specific threats and compliance frameworks

06Automated threat-to-requirement mapping using STRIDE methodology

Use Cases

01Converting architectural threat models into actionable developer backlogs

02Mapping technical security controls to regulatory compliance requirements for audit preparation

03Building automated security test suites based on identified system vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sla-te/copilot-converter security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill