27 lines
1.1 KiB
Markdown
27 lines
1.1 KiB
Markdown
---
|
|
name: security:threat-model
|
|
description: Interactive threat modeling using STRIDE and MAESTRO frameworks — guides architecture analysis and generates threat model document
|
|
allowed-tools: Read, Glob, Grep, AskUserQuestion, Agent
|
|
model: sonnet
|
|
---
|
|
|
|
# /security threat-model
|
|
|
|
Interactive threat modeling — STRIDE x MAESTRO, 5-phase interview, complete threat model document.
|
|
|
|
## Run Session
|
|
|
|
Spawn `subagent_type: "llm-security:threat-modeler-agent"`, `model: "opus"`:
|
|
|
|
> Run the full 5-phase interactive threat modeling session.
|
|
> Read these knowledge files (absolute paths):
|
|
> - \<plugin-root\>/knowledge/skill-threat-patterns.md
|
|
> - \<plugin-root\>/knowledge/mcp-threat-patterns.md
|
|
> Follow your interview workflow: Architecture Discovery → Component Mapping → Threat Identification (STRIDE x MAESTRO) → Risk Assessment → Mitigation Mapping.
|
|
> Output the complete threat model document directly to the conversation.
|
|
|
|
## After Session
|
|
|
|
- To save: ask user if they want it written to `threat-model.md`
|
|
- To verify mitigations: `/security posture`
|
|
- For production readiness: `/security pre-deploy`
|