security-threat-model
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work.
89
85%
Does it follow best practices?
Impact
94%
2.54xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its scope with specific actions (trust boundaries, assets, attacker capabilities, abuse paths, mitigations), provides explicit positive and negative trigger conditions, and carves out a distinct niche. The inclusion of anti-triggers ('Do not trigger for...') is a best practice that further reduces conflict risk with related skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations' and 'writes a concise Markdown threat model'. These are clearly defined, domain-specific actions. | 3 / 3 |
Completeness | Clearly answers both 'what' (enumerates trust boundaries, assets, attacker capabilities, abuse paths, mitigations; writes Markdown threat model) and 'when' (explicit 'Trigger only when...' clause with specific conditions, plus explicit exclusions for when NOT to trigger). | 3 / 3 |
Trigger Term Quality | Includes strong natural trigger terms users would say: 'threat model', 'enumerate threats', 'abuse paths', 'AppSec threat modeling', 'codebase'. Also includes negative triggers to reduce false matches ('general architecture summaries', 'code review'). | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche in security threat modeling. The explicit exclusion of 'general architecture summaries, code review, or non-security design work' actively reduces conflict risk with adjacent skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
70%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured threat modeling skill with an excellent multi-step workflow that includes user validation checkpoints and a final quality gate. Its main weakness is the lack of concrete inline examples—a sample threat entry or output snippet would significantly improve actionability. The content is reasonably concise but could be tightened in places where guidance is somewhat repetitive.
Suggestions
Add a concrete inline example of a single threat entry (e.g., showing title, abuse path, likelihood/impact reasoning, and mitigation) so Claude has a clear template without needing to load the reference file.
Include a brief example of what a trust boundary enumeration looks like in practice (e.g., 'Browser → API Gateway: HTTPS, JWT auth, rate-limited') to make Step 2 more actionable.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is mostly efficient and avoids explaining basic concepts Claude already knows, but some sections are slightly verbose with redundant phrasing (e.g., 'not a generic checklist' repeated conceptually, 'Prioritizing realistic attacker goals and concrete impacts over generic checklists' in the intro echoes later guidance). Some bullet points could be tightened. | 2 / 3 |
Actionability | The skill provides structured guidance with specific steps and concrete categories (trust boundaries, assets, entry points), but lacks executable code/commands and concrete examples of what a threat entry or output section looks like. It relies heavily on an external prompt template for the actual output format rather than showing inline examples. | 2 / 3 |
Workflow Clarity | The 8-step workflow is clearly sequenced with logical progression from scoping through enumeration, prioritization, user validation, mitigation, and a final quality check. Step 6 includes an explicit pause-and-validate checkpoint with the user, and Step 8 provides a thorough validation checklist before finalizing. The feedback loop (validate assumptions → adjust) is well-defined. | 3 / 3 |
Progressive Disclosure | The skill provides a clear overview with well-signaled one-level-deep references to `references/prompt-template.md` and `references/security-controls-and-assets.md`. The instruction to 'only load the reference files you need' is a good touch. Content is appropriately split between the main skill and reference files. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- openai/skills
- Commit
e6afb0d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.