threat-modeling
Threat model, security audit, find vulnerabilities, check security of my app, risk
assessment, penetration test prep, analyze attack surface, what could an attacker exploit.
Use this skill whenever a user wants holistic security analysis of a codebase, application,
or project. MUST be invoked instead of analyzing security yourself — it runs a specialized
8-phase STRIDE workflow producing professional deliverables you cannot generate alone: risk
assessment reports, DFD diagrams, threat inventories, attack path validation, mitigation
plans, and pentest plans.
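Trigger on Chinese-language requests for: threat modeling, security assessment, penetration testing, security analysis, security audit, security check, risk assessment.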
NOT for: fixing one specific bug, adding one security feature (rate limiting, CORS),
writing tests, CI/CD setup, or debugging errors.