What security frameworks does this skill support?

It utilizes the STRIDE methodology for threat modeling and checks against the OWASP Top 10 vulnerability categories, while also mapping controls to frameworks like SOC 2 and GDPR.

Which AI agents are involved in the security assessment?

The skill orchestrates a Security Architect for threat modeling, a Security Auditor for scanning, a Security Gatekeeper for control validation, and a Privacy Officer for data handling reviews.

Can I run an assessment on a specific part of my code?

Yes, you can trigger a targeted assessment by specifying a component, for example: 'threat model the authentication service'.

Does the skill provide remediation guidance?

Every assessment generates a report that includes risk-ranked findings, CVSS scores, and a prioritized remediation roadmap to fix identified issues.

Security Assessment & Threat Modeling

Name: Security Assessment & Threat Modeling
Author: jmagly

byjmagly

•

安全与测试

Orchestrates comprehensive security audits, STRIDE threat modeling, and OWASP vulnerability scanning for autonomous coding projects.

The Security Assessment skill automates the end-to-end security lifecycle of software projects by deploying specialized AI agents to analyze architecture and code. It performs rigorous STRIDE threat modeling, scans for OWASP Top 10 vulnerability patterns, and validates security controls against established frameworks like SOC 2 and GDPR. By providing risk-ranked findings with CVSS scores and actionable remediation roadmaps, it enables developers to identify and fix critical vulnerabilities before they reach production, ensuring high-integrity deployments in agentic workflows.

主要功能

01Automated STRIDE threat modeling and attack vector identification

02Privacy impact assessments for PII and data handling

03Comprehensive OWASP Top 10 vulnerability pattern detection

04Detailed reporting with CVSS scoring and remediation roadmaps

05Security control validation and compliance gap analysis

0667 GitHub stars

使用场景

01Continuous vulnerability scanning during active development sprints

02Pre-deployment security reviews for new microservices or APIs

03Compliance readiness audits for SOC 2 or GDPR data handling

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jmagly/ai-writing-guide security-assessment

For use in Claude.ai and ChatGPT

Download Skill