Threat Model Generation
Generate a comprehensive security threat model for a repository using the STRIDE methodology.
When to Use This Skill
- •First-time setup - New repository needs initial threat model
- •Architecture changes - Significant changes to components, APIs, or data flows
- •Security audit - Periodic review or compliance requirement
- •Manual request - Security team requests updated threat model
Inputs
| Input | Description | Required |
|---|---|---|
| Repository path | Root directory to analyze | Yes (default: current directory) |
| Existing threat model | Path to existing .factory/threat-model.md if updating | No |
| Compliance requirements | Frameworks to consider (SOC2, GDPR, HIPAA, etc.) | No |
Instructions
Step 1: Analyze Repository Structure
Scan the codebase to understand the system:
- •
Identify languages and frameworks
- •Check
package.json,requirements.txt,go.mod,Cargo.toml, etc. - •Note the primary tech stack
- •Check
- •
Map components and services
- •Look for
apps/,services/,packages/directories - •Identify entry points: API routes, CLI commands, web handlers
- •Note databases, caches, message queues
- •Look for
- •
Identify external interfaces
- •HTTP endpoints (REST, GraphQL)
- •File upload handlers
- •Webhook receivers
- •OAuth/SSO integrations
- •
Trace data flows
- •How does user input enter the system?
- •Where is sensitive data stored?
- •What external services are called?
Step 2: Identify Trust Boundaries
Define security zones:
- •
Public Zone (untrusted)
- •All external HTTP endpoints
- •Public APIs without authentication
- •User-uploaded files
- •
Authenticated Zone (partially trusted)
- •Endpoints requiring valid session/token
- •User-specific data access
- •Rate-limited APIs
- •
Internal Zone (trusted)
- •Service-to-service communication
- •Admin-only endpoints
- •Database connections
- •Secrets management
Step 3: Inventory Critical Assets
Classify data by sensitivity:
- •
PII (Personally Identifiable Information)
- •User emails, names, addresses, phone numbers
- •Document protection measures
- •
Credentials & Secrets
- •Password hashes, API keys, OAuth tokens
- •JWT signing keys, encryption keys
- •
Business-Critical Data
- •Transaction records, customer data
- •Proprietary algorithms, trade secrets
Step 4: Apply STRIDE Analysis
For each major component, analyze threats:
S - Spoofing Identity
- •Can attackers impersonate users or services?
- •Are authentication mechanisms secure?
T - Tampering with Data
- •Can attackers modify data in transit or at rest?
- •Look for: SQL injection, XSS, mass assignment, missing input validation
R - Repudiation
- •Can users deny actions they performed?
- •Look for: missing audit logs, insufficient logging
I - Information Disclosure
- •Can attackers access data they shouldn't?
- •Look for: IDOR, verbose errors, hardcoded secrets
D - Denial of Service
- •Can attackers disrupt service availability?
- •Look for: missing rate limits, resource exhaustion
E - Elevation of Privilege
- •Can attackers gain unauthorized access levels?
- •Look for: missing authorization checks, role manipulation
Step 5: Document Vulnerability Patterns
Create a library of code patterns specific to this codebase's tech stack.
Step 6: Generate Output Files
Create two files:
1. .factory/threat-model.md
Comprehensive threat model with:
- •System overview with architecture description
- •Trust boundaries and security zones
- •Attack surface inventory
- •Critical assets classification
- •STRIDE threat analysis for each component
- •Vulnerability pattern library
- •Security testing strategy
- •Assumptions and accepted risks
- •Version changelog
2. .factory/security-config.json
{
"threat_model_version": "1.0.0",
"last_updated": "<ISO timestamp>",
"security_team_contacts": [],
"compliance_requirements": [],
"scan_frequency": "on_commit",
"severity_thresholds": {
"block_merge": ["CRITICAL"],
"require_review": ["HIGH", "CRITICAL"],
"notify_security_team": ["CRITICAL"]
},
"vulnerability_patterns": {
"enabled": [
"sql_injection",
"xss",
"command_injection",
"path_traversal",
"auth_bypass",
"idor"
]
}
}
Success Criteria
- •
.factory/threat-model.mdexists with all sections populated - •
.factory/security-config.jsonexists with valid JSON - • All major components have STRIDE analysis
- • Vulnerability patterns match the tech stack
- • Document is written in natural language (LLM-readable)
- • No placeholder text remains
Example Invocations
Generate initial threat model:
Generate a threat model for this repository.
Update existing threat model:
Update the threat model - we added a new payments service.
Generate with compliance requirements:
Generate a threat model for this repository. We need to comply with SOC2 and GDPR.