agent security skill risk: medium
Threat Modeling Security Architecture Expert
The prompt defines an expert role for threat modeling using STRIDE, PASTA, and attack trees, with instructions to define scope, create data flow diagrams, identify threats, score r…
- Policy sensitive
- Human review
SKILL 1 file
SKILL.md
--- name: antigravity-awesome-skills-threat-modeling-expert-64676e6e description: "Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems." --- # Threat Modeling Expert Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems. ## Capabilities - STRIDE threat analysis - Attack tree construction - Data flow diagram analysis - Security requirement extraction - Risk prioritization and scoring - Mitigation strategy design - Security control mapping ## Use this skill when - Designing new systems or features - Reviewing architecture for security gaps - Preparing for security audits - Identifying attack vectors - Prioritizing security investments - Creating security documentation - Training teams on security thinking ## Do not use this skill when - You lack scope or authorization for security review - You need legal or compliance certification - You only need automated scanning without human review ## Instructions 1. Define system scope and trust boundaries 2. Create data flow diagrams 3. Identify assets and entry points 4. Apply STRIDE to each component 5. Build attack trees for critical paths 6. Score and prioritize threats 7. Design mitigations 8. Document residual risks ## Safety - Avoid storing sensitive details in threat models without access controls. - Keep threat models updated after architecture changes. ## Best Practices - Involve developers in threat modeling sessions - Focus on data flows, not just components - Consider insider threats - Update threat models with architecture changes - Link threats to security requirements - Track mitigations to implementation - Review regularly, not just at design time ## Limitations - Use this skill only when the task clearly matches the scope described above. - Do not treat the output as a substitute for environment-specific validation, testing, or expert review. - Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.
REQUIRED CONTEXT
- system scope and trust boundaries
- architecture or data flow details
OPTIONAL CONTEXT
- developer input
- existing security controls
ROLES & RULES
Role assignments
- Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.
- Do not use this skill when you lack scope or authorization for security review.
- Do not use this skill when you need legal or compliance certification.
- Do not use this skill when you only need automated scanning without human review.
- Avoid storing sensitive details in threat models without access controls.
- Keep threat models updated after architecture changes.
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.
EXPECTED OUTPUT
- Format
- structured_report
- Constraints
- follow the 8-step process in order
- document residual risks
- link threats to requirements and mitigations
CAVEATS
- Missing context
- Input format or template for providing system/architecture details
- Desired output format or report template
QUALITY
- OVERALL
- 0.78
- CLARITY
- 0.85
- SPECIFICITY
- 0.75
- REUSABILITY
- 0.80
- COMPLETENESS
- 0.75
IMPROVEMENT SUGGESTIONS
- Add an explicit input schema or placeholder for architecture description
- Specify a standard output structure (e.g., sections for DFD, STRIDE table, attack trees, risk matrix)
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.
MORE FOR AGENT
- MoltPass Client for AI Agent Identitiesagentsecurity
- Supply Chain Dependency Risk Auditoragentsecurity
- Supply Chain Dependency Risk Auditoragentsecurity
- Threat Modeling Security Expertagentsecurity
- Security Bluebook Policy Builderagentsecurity
- Security Bluebook Policy Builderagentsecurity
- Security Blue Book Policy Builderagentsecurity
- Supply Chain Dependency Risk Auditoragentsecurity
- Threat Modeling Security Expertagentsecurity
- SIEM Detection Rule Tuning Guideagentsecurity
- AI File Metadata Compliance Auditoragentsecurity
- Azure Storage Misconfiguration Audit Reporteragentsecurity
- Implementing PAM for Database Accessagentsecurity
- AFL++ Coverage-Guided Fuzzing Procedureagentsecurity
- Supply Chain Attack Simulation Detectoragentsecurity
- Security Audit Fix Verifieragentsecurity
- Active Directory ACL Abuse Analyzeragentsecurity
- Privileged Access Workstation Implementation Guideagentsecurity
- SSRF Vulnerability Testing and Reporting Guideagentsecurity
- Security Audit Fix Revieweragentsecurity
- AWS IAM Privilege Escalation Detectoragentsecurity
- SSL/TLS Security Assessment with Sslyzeagentsecurity
- GCP Penetration Testing with GCPBucketBruteagentsecurity
- AWS CloudTrail Anomaly Detection Guideagentsecurity
- Security Audit Fix Commit Revieweragentsecurity