Agent Skills
› kinncj/Heimdall
› threat-modeling
threat-modeling
GitHub基于STRIDE框架对组件和信任边界进行威胁建模,生成包含资产、风险分析及缓解措施的威胁登记册。适用于新功能安全评审,输出至指定文档路径,确保上线前关键风险得到控制。
Trigger Scenarios
需要对新功能进行安全评估
执行STRIDE威胁建模分析
生成威胁登记册
Install
npx skills add kinncj/Heimdall --skill threat-modeling -g -y
SKILL.md
Frontmatter
{
"name": "threat-modeling",
"description": "Perform STRIDE threat modeling for each component and trust boundary and produce a threat register. Use when reviewing a feature for security."
}
SKILL: Threat Modeling (STRIDE)
Output Location
docs/specs/{feature-slug}/threat-model.md
STRIDE Framework
For each component and trust boundary, evaluate all 6 threat categories:
| Letter | Threat | Question |
|---|---|---|
| S | Spoofing | Can an attacker impersonate a user, service, or system? |
| T | Tampering | Can data be modified in transit or at rest without detection? |
| R | Repudiation | Can a user deny performing an action? |
| I | Information Disclosure | Can sensitive data leak to unauthorized parties? |
| D | Denial of Service | Can an attacker prevent legitimate users from accessing the service? |
| E | Elevation of Privilege | Can an attacker gain capabilities beyond what is authorized? |
Threat Model Template
# Threat Model: {Feature Name}
## Assets
| Asset | Sensitivity | Owner |
|-------|-------------|-------|
| User PII | High | {team} |
| Payment data | Critical | {team} |
| API keys | Critical | {team} |
## Trust Boundaries
- Internet <-> Load Balancer
- Load Balancer <-> Application
- Application <-> Database
- Application <-> Third-party APIs
## STRIDE Analysis
### {Component Name}
**S — Spoofing**
- Risk: {description}
- Likelihood: High/Medium/Low
- Impact: High/Medium/Low
- Mitigation: {control}
**T — Tampering**
...
**R — Repudiation**
...
**I — Information Disclosure**
...
**D — Denial of Service**
...
**E — Elevation of Privilege**
...
## Risk Register
| Threat | Component | Likelihood | Impact | Risk Level | Mitigation | Status |
|--------|-----------|------------|--------|------------|------------|--------|
| SQL Injection | API | High | Critical | Critical | Parameterized queries | Mitigated |
## Mitigations Required Before Launch
- [ ] {Critical mitigation 1}
- [ ] {Critical mitigation 2}
Common Mitigations
- Authentication: JWT with short expiry, refresh token rotation.
- Authorization: RBAC, RLS on database.
- Input validation: Zod/FluentValidation on all inputs.
- Rate limiting: Per-IP and per-user limits.
- Encryption: TLS 1.3 in transit, AES-256 at rest.
- Audit logging: All write operations logged with actor + timestamp.
- Secrets management: Never in code; use environment variables or vault.
Version History
- f4ea31f Current 2026-07-05 10:41


