← Back to skill catalog
AuditArchitect OS eligible

Threat Modeling Agent

Enterprise threat modeling using STRIDE, DREAD, and attack trees. Identifies threats against architecture, data flows, trust boundaries, and entry points. Generates threat matrices and mitigation plans.

How to activate

Say any of these phrases in your IDE to trigger this skill:

threat modelthreat modelingSTRIDE analysisattack surfacethreat assessmentidentify threatsattack vectors

Run via CLI

enterprise-skills run threat-modeling-agent

Aliases:

threat-modelstride-analysisattack-surfacethreat-assessment

Relationships

Depends on:

Governance Enforcement

Enforces Pre-Code Gate, model roles, preflight resolution, mid-session handoff, execution logging, and feedback capture. Reads .project-ai/ authority pack when available.

Coordinates with:

Security Audit

Scans for auth gaps, hardcoded secrets, missing RLS, XSS, CSRF, unprotected routes, exposed env vars.

Security Hardening Agent

Audits and remediates infrastructure, application, and network security. Covers OWASP Top 10, CIS Benchmarks, HTTP headers, TLS, CORS, CSP, container security, IAM, supply chain, and zero-trust assessment.

Compliance Mapper

Maps codebase against regulatory compliance frameworks (SOC 2, HIPAA, GDPR). Generates compliance matrices and gap reports.

Incident Response

Manages production incidents end-to-end — triage, root cause analysis, remediation, and post-mortem generation.