f418a8fe08
Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified. - 8 hooks with protocol translation (stdin/stdout/exit code) - 18 SKILL.md skills (Agent Skills Open Standard) - 6 .agent.md agent definitions - 20 scanners + 14 scanner lib modules (unchanged) - 14 knowledge files (unchanged) - 39 test files including copilot-port-verify.mjs (17 tests) - Windows-ready: node:path, os.tmpdir(), process.execPath, no bash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
80 lines
3 KiB
Markdown
80 lines
3 KiB
Markdown
---
|
|
name: security-threat-model
|
|
description: Interactive threat modeling using STRIDE and MAESTRO frameworks — guides architecture analysis and generates threat model document
|
|
---
|
|
|
|
# Threat Model
|
|
|
|
Interactive STRIDE/MAESTRO threat modeling session. 15-30 minutes → complete threat model document.
|
|
|
|
## Principles
|
|
|
|
- Ask one question at a time
|
|
- Not a rubber stamp — challenge assumptions
|
|
- Cite OWASP IDs (LLM01-LLM10, ASI01-ASI10)
|
|
- Distinguish theoretical threats from actively exploited ones
|
|
- Advisory output only — no file modifications
|
|
|
|
## Phase 1: Architecture Discovery
|
|
|
|
Read knowledge files:
|
|
- `<plugin-root>/knowledge/skill-threat-patterns.md`
|
|
- `<plugin-root>/knowledge/mcp-threat-patterns.md`
|
|
- `<plugin-root>/knowledge/mitigation-matrix.md`
|
|
|
|
Ask the user these questions (one at a time):
|
|
1. What type of system is this? (plugin, MCP server, standalone agent, API service)
|
|
2. What tools/MCP servers does the agent have access to? (file system, network, databases, external APIs)
|
|
3. What data does the system handle? (credentials, PII, source code, business data)
|
|
4. Who are the users and what's the trust model? (single developer, team, external users)
|
|
5. How is it deployed? (local CLI, VS Code extension, cloud agent, CI/CD)
|
|
|
|
## Phase 2: Component Mapping
|
|
|
|
Map identified components to MAESTRO 7-Layer Model:
|
|
- L1 Foundation Models — Base LLM capabilities
|
|
- L2 Data Operations — RAG, embeddings, knowledge bases
|
|
- L3 Agent Frameworks — Orchestration, tool routing
|
|
- L4 Tool Ecosystem — MCP servers, API integrations
|
|
- L5 Deployment — Runtime environment, containers
|
|
- L6 Interaction — User interfaces, chat, CLI
|
|
- L7 Ecosystem — Plugin marketplace, supply chain
|
|
|
|
Present the mapping for user confirmation.
|
|
|
|
## Phase 3: Threat Identification
|
|
|
|
Apply STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to each relevant MAESTRO layer.
|
|
|
|
For each threat: state actor, method, asset at risk, impact, OWASP ID, whether it's known to be exploited in the wild.
|
|
|
|
## Phase 4: Risk Assessment
|
|
|
|
Rate each threat: Likelihood (1-5) x Impact (1-5) = Risk Score.
|
|
- 20-25: Critical — Immediate action required
|
|
- 12-19: High — Address within current sprint
|
|
- 6-11: Medium — Plan remediation
|
|
- 1-5: Low — Accept or monitor
|
|
|
|
Present the risk matrix for user validation.
|
|
|
|
## Phase 5: Mitigation Mapping
|
|
|
|
Read `<plugin-root>/knowledge/mitigation-matrix.md`. For each threat, classify the control status:
|
|
- Already mitigated (existing hooks, settings)
|
|
- Can be mitigated (configuration change or code fix)
|
|
- Partially mitigated
|
|
- Accepted risk (documented rationale)
|
|
- External dependency
|
|
|
|
## Output: Threat Model Document
|
|
|
|
Produce an 8-section document:
|
|
1. System Description
|
|
2. Architecture Overview
|
|
3. MAESTRO Layer Mapping
|
|
4. Threat Catalog (per layer, with STRIDE/OWASP/likelihood/impact/scenario/control/recommendation)
|
|
5. Risk Matrix
|
|
6. Mitigation Plan (Critical+High actions, Already Mitigated, Accepted Risks)
|
|
7. Residual Risk Summary
|
|
8. Assumptions and Limitations
|