AI SummaryGenerates repository-grounded threat models that identify trust boundaries, assets, attack paths, and mitigations in application code. Ideal for security engineers and developers performing AppSec threat modeling on specific codebases.
Install
# Add to your project root as SKILL.md curl -o SKILL.md "https://raw.githubusercontent.com/openai/skills/main/skills/.curated/security-threat-model/SKILL.md"
Description
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work.
3) Calibrate assets and attacker capabilities
• List the assets that drive risk (credentials, PII, integrity-critical state, availability-critical components, build artifacts). • Describe realistic attacker capabilities based on exposure and intended usage. • Explicitly note non-capabilities to avoid inflated severity.
Threat Model Source Code Repo
Deliver an actionable AppSec-grade threat model that is specific to the repository or a project path, not a generic checklist. Anchor every architectural claim to evidence in the repo and keep assumptions explicit. Prioritizing realistic attacker goals and concrete impacts over generic checklists.
Quick start
1) Collect (or infer) inputs: • Repo root path and any in-scope paths. • Intended usage, deployment model, internet exposure, and auth expectations (if known). • Any existing repository summary or architecture spec. • Use prompts in references/prompt-template.md to generate a repository summary. • Follow the required output contract in references/prompt-template.md. Use it verbatim when possible.
1) Scope and extract the system model
• Identify primary components, data stores, and external integrations from the repo summary. • Identify how the system runs (server, CLI, library, worker) and its entrypoints. • Separate runtime behavior from CI/build/dev tooling and from tests/examples. • Map the in-scope locations to those components and exclude out-of-scope items explicitly. • Do not claim components, flows, or controls without evidence.
Quality Score
Good
89/100
Trust & Transparency
No License Detected
Review source code before installing
Verified Open Source
Hosted on GitHub — publicly auditable
Actively Maintained
Last commit Today
10.2k stars — Strong Community
569 forks