How does this skill calculate risk scores?

It uses a composite formula: Risk Score = Exploitability (DREAD score from Stage 6) multiplied by Business Impact (1-10 scale based on regulatory and financial consequences).

What types of reports can it generate?

It generates Markdown-formatted reports with varying depths, including 'quick' (top 5 findings), 'standard' (full mapping), and 'expert' (including executive summaries and quantified risk).

Does it require previous PASTA stages to be completed?

Yes, it is a sequential tool that ideally consumes outputs from Stages 1 through 6. If data is missing, the tool will warn the user and make informed assumptions to complete the analysis.

What is PASTA Stage 7?

PASTA Stage 7 is the final phase of the Process for Attack Simulation and Threat Analysis, focusing on Risk & Impact Analysis to produce actionable, prioritized security deliverables.

PASTA Risk & Impact Analysis

Name: PASTA Risk & Impact Analysis
Author: florianbuetow

byflorianbuetow

•

安全与测试

Calculates business-weighted risk scores and generates prioritized remediation roadmaps for the PASTA threat modeling framework.

The pasta-risk skill automates the seventh and final stage of the Process for Attack Simulation and Threat Analysis (PASTA) methodology. It synthesizes findings from previous stages—combining technical exploitability with business impact—to produce a prioritized remediation strategy. By analyzing mitigation effort against risk reduction, it helps security teams and stakeholders identify 'quick wins' versus long-term architectural changes while providing compliance gap reports and executive-level summaries for clear communication with non-technical leadership.

主要功能

01Generates prioritized remediation roadmaps categorized by effort and implementation timeline.

02Produces stakeholder-ready reports ranging from quick summaries to expert executive deep-dives.

03Maps security findings directly to regulatory compliance requirements and mandates.

04Assesses residual risk and identifies necessary compensating controls for accepted risks.

056 GitHub stars

06Calculates composite risk scores by multiplying exploitability (DREAD) and business impact.

使用场景

01Converting technical vulnerability data into business-weighted risk assessments for executive reporting.

02Identifying systemic security gaps that can be resolved with a single high-impact mitigation.

03Finalizing a comprehensive application threat model with prioritized, actionable remediation steps.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code pasta-risk

For use in Claude.ai and ChatGPT

Download Skill