Security
590 installs
security-requirement-extraction
by wshobson/agents
Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user…
Skill content
Transform threat analysis into actionable security requirements. - Converts STRIDE threat categories into functional, non-functional, and constraint requirements with automatic priority calculation based on impact and likelihood - Generates security user stories, acceptance criteria, and test cases directly from threats; includes traceability matrices linking threats to requirements - Maps requirements to compliance frameworks (PCI-DSS, HIPAA, GDPR, SOC2, NIST, ISO 27001, OWASP) and identifies coverage gaps - Organizes requirements by security domain (authentication, authorization, data protection, audit logging, input validation, cryptography, and six others) with built-in filtering and export to markdown Security Requirement Extraction Transform threat analysis into actionable security requirements. When to Use This Skill - Converting threat models to requirements - Writing security user stories - Creating security test cases - Building security acceptance criteria - Compliance requirement mapping - Security architecture documentation Core Concepts 1. Requirement Categories