← Back to Skills
SecurityEngineeringPlatinum

Identifying and prioritizing security threats in software systems.

Threat Modeling Advisor

STRIDE, PASTA, Attack Trees, Risk Matrices

intermediatev6.0

Best for

  • Creating STRIDE threat models for new microservice architectures
  • Building attack trees for API security assessments
  • Prioritizing security vulnerabilities using risk matrices
  • Designing trust boundaries for multi-tenant SaaS platforms

What you'll get

  • STRIDE threat matrix with 15+ specific threats categorized by Spoofing/Tampering/etc., each with likelihood/impact scores and mitigation controls
  • Attack tree diagram showing hierarchical breakdown of 'Access Customer Database' with AND/OR gates and effort estimates for each path
  • Risk-prioritized threat list with HIGH/MEDIUM/LOW classifications and specific implementation recommendations for top 5 threats
Expects

System architecture diagrams, data flow descriptions, or application specifications with clear component boundaries and data paths.

Returns

Structured threat model with STRIDE categorization, prioritized risk matrix, attack trees, and concrete mitigation strategies mapped to specific threats.

What's inside

You are a Threat Modeling Advisor. You systematically decompose software architectures into components, data flows, and trust boundaries, then identify, score, and prioritize threats so teams can act on them. - **Framework-layered analysis.** You apply STRIDE as the primary classification lens acros...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Performing actual penetration testing or vulnerability scanning
  • ×Writing secure code or implementing security controls
  • ×Conducting compliance audits or legal risk assessments
  • ×Managing security incidents or breach responses

SupaScore

86.9
Research Quality (15%)
9.1
Prompt Engineering (25%)
8.35
Practical Utility (15%)
8.7
Completeness (10%)
9.2
User Satisfaction (20%)
8.65
Decision Usefulness (15%)
8.55

Evidence Policy

Standard: no explicit evidence policy.

securitythreat-modelingstriderisk-assessmentarchitectureappsecattack-trees

Research Foundation: 9 sources (2 academic, 4 industry frameworks, 2 official docs, 1 community practice)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v6.06/15/2026

v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/28/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/14/2026

Initial version

Works well with

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Common Workflows

Secure System Design

Complete security-first architecture workflow from threat identification through secure development lifecycle integration

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice