Alanamultiskillagent
Back to skills

security-threat-model

security

Performs AppSec-grade threat modeling on a specific repository or code path. Maps trust boundaries, assets, entry points, and attacker capabilities, then enumerates concrete abuse paths with likelihoo

openaiopenai
|View all openai skills →

Setup & Installation

npx skills add https://github.com/openai/security-threat-model --skill security-threat-model
or paste the link and ask your coding assistant to install it
https://github.com/openai/security-threat-model
View on GitHub

What This Skill Does

Performs AppSec-grade threat modeling on a specific repository or code path. Maps trust boundaries, assets, entry points, and attacker capabilities, then enumerates concrete abuse paths with likelihood and impact ratings. Outputs a structured Markdown threat model file grounded in evidence from the repo. Instead of working through a generic STRIDE checklist manually, this skill anchors every threat to actual code paths and components in the repo, so the output reflects your system rather than a template.

When to use it

  • Working with security threat model functionality
  • Implementing security threat model features
  • Debugging security threat model related issues

Similar Skills

audit-context-building

A structured analysis skill for the pre-audit phase of code review. It guides Claude through line-by-line function analysis, cross-boundary call tracing, and invariant mapping before any vulnerability

auth0-android

Adds authentication to native Android apps using the Auth0 SDK. Supports Web Auth login/logout, biometric-protected credentials, secure token storage, passwordless login, and MFA. Works with both Kotl

auth0-angular

Adds authentication to Angular apps using the @auth0/auth0-angular SDK. Handles login/logout flows, route guards, HTTP interceptors for attaching tokens, and user profile access through observables. W

auth0-aspnetcore-api

Adds JWT access token validation to ASP.NET Core Web APIs using Auth0. It handles bearer token authentication, scope and permission checks, and supports DPoP proof-of-possession token binding. Works w