What is a repository-grounded threat model?

It is a security analysis specifically based on the actual code, components, and architecture found in your repository, rather than a generic security checklist.

What kind of output does it generate?

It produces a comprehensive Markdown report containing the system model, trust boundaries, prioritized threats, and specific mitigation strategies tailored to your code.

How does it prioritize security risks?

It uses qualitative assessments of likelihood and impact (ranging from Low to Critical) based on attacker exposure and the sensitivity of the involved assets.

Does this skill perform general code reviews?

No, it is specifically designed for threat modeling and should not be used for general architecture summaries, linting, or non-security related design work.

When should I trigger this skill?

Use it when you need to perform an AppSec review, identify potential abuse paths, or document the security posture of a specific project path or codebase.

OpenAI Security Threat Model

Name: OpenAI Security Threat Model
Author: trailofbits

bytrailofbits

•

253

•

安全与测试

Generates repository-grounded AppSec threat models by analyzing trust boundaries, assets, and potential abuse paths.

This skill transforms Claude into a specialized application security engineer capable of producing professional-grade threat models directly from your source code. By analyzing your repository's architecture, entry points, and data flows, it enumerates realistic attacker goals, identifies critical trust boundaries, and suggests actionable mitigations. It follows a rigorous workflow that includes calibrating attacker capabilities and prioritizing risks based on qualitative likelihood and impact, ensuring the resulting Markdown report is grounded in evidence rather than generic security checklists.

主要功能

01Identification of trust boundaries, entry points, and data flows

02Risk prioritization using qualitative likelihood and impact assessments

03Automated repository-grounded threat discovery and asset mapping

04253 GitHub stars

05Detailed enumeration of abuse paths and realistic attacker capabilities

06Actionable mitigation recommendations tied to specific code locations

使用场景

01Performing a security audit on a new repository or project sub-path

02Generating professional security documentation for compliance or internal reviews

03Validating architectural security assumptions during the development phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trailofbits/skills-curated openai-security-threat-model

For use in Claude.ai and ChatGPT

Download Skill