AI Skill Report Card
Threat Modeling Features
YAML--- name: threat-modeling-features description: Creates focused threat models for software features using STRIDE methodology. Use when analyzing security risks for new features, APIs, or system components. ---
Feature Threat Modeling
Quick Start15 / 15
Input: "User registration API that accepts email, password, stores in database"
Output:
THREAT MODEL: User Registration API
TRUST BOUNDARIES:
- Client ↔ API Server
- API Server ↔ Database
STRIDE ANALYSIS:
[S] Spoofing: Weak password policy, no email verification
[T] Tampering: SQL injection in email field, password storage without hashing
[R] Repudiation: No registration audit logs
[I] Information Disclosure: Error messages leak user existence
[D] Denial of Service: No rate limiting on registration attempts
[E] Elevation of Privilege: Default user roles not restricted
TOP 3 RISKS:
1. HIGH: SQL injection → Database compromise
2. MEDIUM: Weak passwords → Account takeover
3. MEDIUM: No rate limiting → Resource exhaustion
MITIGATIONS:
- Input validation and parameterized queries
- Strong password policy + hashing (bcrypt/Argon2)
- Rate limiting (5 attempts/minute per IP)
Recommendation▾
Streamline the workflow section - the checklist and step explanations are somewhat redundant
Workflow13 / 15
Progress:
- Map data flow and trust boundaries
- Apply STRIDE to each boundary crossing
- Prioritize threats by likelihood × impact
- Define specific mitigations
- Review against OWASP Top 10
Step 1: Parse Feature Scope Extract: data types, user roles, external dependencies, storage
Step 2: Identify Trust Boundaries Map where data crosses security contexts (user→app, app→database, app→external service)
Step 3: Apply STRIDE Framework For each boundary:
- Spoofing: Can attacker impersonate legitimate entity?
- Tampering: Can data be modified maliciously?
- Repudiation: Can actions be denied later?
- Information Disclosure: Can sensitive data leak?
- Denial of Service: Can availability be impacted?
- Elevation of Privilege: Can permissions be bypassed?
Step 4: Risk Prioritization
- HIGH: Easy to exploit + severe impact
- MEDIUM: Moderate effort or impact
- LOW: Difficult to exploit + minimal impact
Recommendation▾
Add a template or framework section with a reusable threat model format
Examples18 / 20
Example 1: Input: File upload endpoint for profile pictures Output:
BOUNDARIES: Client → Upload Handler → File Storage
THREATS:
[T] Malicious file upload (executable disguised as image)
[D] Large file DOS attack
[I] Directory traversal in filename
MITIGATIONS: File type validation, size limits, sandboxed storage
Example 2: Input: Payment processing integration with Stripe Output:
BOUNDARIES: Frontend → Backend → Stripe API
THREATS:
[S] API key exposure in client code
[T] Amount manipulation before Stripe call
[I] Payment data logged in plaintext
MITIGATIONS: Server-side validation, PCI-compliant logging, key rotation
Recommendation▾
Include more edge cases like mobile apps, microservices, or third-party integrations in examples
Best Practices
- Stay feature-focused - Don't model the entire system
- Use concrete examples - "Admin can delete any user account" not "privilege escalation"
- Prioritize ruthlessly - Highlight top 3-5 risks max
- Include quick wins - Balance high-impact items with easy fixes
- Reference standards - OWASP Top 10, CWE categories when relevant
Common Pitfalls
- Boilerplate threats - Generic "SQL injection possible" without context
- Missing trust boundaries - Not identifying where data changes security context
- Analysis paralysis - Modeling every theoretical risk instead of likely ones
- Solution-first thinking - Jumping to mitigations before understanding threats
- Ignoring business context - Technical risks without considering actual usage patterns