Can I export reports for use in other tools?

Absolutely. The skill supports exporting in JSON for programmatic use, HTML for web viewing, and Markdown for documentation repositories.

Does this skill require existing threat model data to work?

Yes, it aggregates and analyzes data stored in your .threatmodel/state/ and .threatmodel/diagrams/ directories to generate its findings.

Where are the generated reports saved?

By default, reports are saved to the .threatmodel/reports/ directory in Markdown format, though custom paths can be specified.

What frameworks does the tm-report skill support?

It primarily supports the STRIDE and PASTA frameworks, providing specific mapping for common compliance standards like OWASP Top 10 and SOC2.

Can I customize the level of detail in the security reports?

Yes, you can choose between 'executive', 'standard', and 'detailed' levels using the --level argument to suit your target audience.

Security Risk Report Generator

Name: Security Risk Report Generator
Author: josemlopez

byjosemlopez

0•

Security & Testing

Generates comprehensive, prioritized security risk reports and executive summaries from threat model data.

The tm-report skill automates the creation of professional security documentation by analyzing threat model states, architecture diagrams, and control inventories. It produces tailored outputs ranging from high-level executive summaries for leadership to detailed technical appendices for engineering teams, complete with risk heat maps, compliance mapping for frameworks like SOC2 and OWASP, and prioritized remediation strategies. This tool is essential for teams needing to maintain audit-ready documentation and clear visibility into their system's security posture within the Claude Code environment.

Key Features

01Automated generation of executive summaries and detailed risk reports

02Prioritized risk scoring based on severity and business impact

03Visual risk distribution using ASCII progress bars and Mermaid architecture diagrams

04Gap analysis and compliance mapping for frameworks like OWASP Top 10 and SOC2

050 GitHub stars

06Multi-format export support including Markdown, JSON, and HTML

Use Cases

01Briefing executive leadership on project-specific security risks and resource requirements

02Preparing security documentation for SOC2 or ISO 27001 audit compliance

03Conducting gap analysis to prioritize security engineering tasks and remediation efforts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/threat-modeling-toolkit tm-report

For use in Claude.ai and ChatGPT

Download Skill