Add threat-model-analyst skill: STRIDE-A threat modeling for repositories#1177
Merged
aaronpowell merged 4 commits intogithub:stagedfrom Mar 29, 2026
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new threat-model-analyst skill under skills/ that guides users through STRIDE-A threat modeling (single and incremental modes) using orchestrators, reference guidance, and fill-in report skeletons.
Changes:
- Introduces the
threat-model-analystskill (SKILL.md) plus comprehensive reference docs (orchestrators, analysis principles, diagram conventions, output formats, TMT taxonomy). - Adds multiple skeleton templates for the generated report artifacts (architecture, DFDs, STRIDE analysis, findings, inventory JSON, incremental comparison HTML).
- Registers the new skill in
docs/README.skills.md.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| skills/threat-model-analyst/SKILL.md | Defines skill activation criteria and mode selection (single vs incremental/compare guidance). |
| skills/threat-model-analyst/references/orchestrator.md | Full single-run workflow + mandatory rules for report generation and verification. |
| skills/threat-model-analyst/references/incremental-orchestrator.md | Incremental workflow built around baseline threat-inventory.json + comparison outputs. |
| skills/threat-model-analyst/references/analysis-principles.md | Analysis methodology, verification requirements, tiering rules, and checklists. |
| skills/threat-model-analyst/references/diagram-conventions.md | Mermaid diagram standards (palette, boundaries, sidecars, syntax gates). |
| skills/threat-model-analyst/references/output-formats.md | Canonical templates and validation/self-check rules for all output artifacts. |
| skills/threat-model-analyst/references/tmt-element-taxonomy.md | Maps code patterns to Microsoft TMT element categories and detection guidance. |
| skills/threat-model-analyst/references/skeletons/skeleton-architecture.md | Fill-in template for 0.1-architecture.md. |
| skills/threat-model-analyst/references/skeletons/skeleton-dfd.md | Fill-in template for 1.1-threatmodel.mmd. |
| skills/threat-model-analyst/references/skeletons/skeleton-summary-dfd.md | Fill-in template for 1.2-threatmodel-summary.mmd. |
| skills/threat-model-analyst/references/skeletons/skeleton-threatmodel.md | Fill-in template for 1-threatmodel.md. |
| skills/threat-model-analyst/references/skeletons/skeleton-stride-analysis.md | Fill-in template for 2-stride-analysis.md. |
| skills/threat-model-analyst/references/skeletons/skeleton-findings.md | Fill-in template for 3-findings.md. |
| skills/threat-model-analyst/references/skeletons/skeleton-inventory.md | Fill-in template for threat-inventory.json. |
| skills/threat-model-analyst/references/skeletons/skeleton-incremental-html.md | Fill-in template for incremental-comparison.html. |
| skills/threat-model-analyst/references/skeletons/skeleton-assessment.md | Fill-in template for 0-assessment.md. |
| docs/README.skills.md | Adds the skill to the docs index and enumerates reference assets. |
aaronpowell
previously approved these changes
Mar 26, 2026
Contributor
|
@cheguv there's a number of comments from Copilot, can you review to see if any are accurate and need actioning, or can be ignored, and close them all for merging |
…ries Add a comprehensive threat model analysis skill that performs security audits using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and defense-in-depth analysis. Supports two modes: - Single analysis: full STRIDE-A threat model producing architecture overviews, DFD diagrams, prioritized findings, and executive assessments - Incremental analysis: security posture diff between baseline report and current code, producing standalone reports with embedded comparison Includes bundled reference assets: - Orchestrator workflows (full and incremental) - Analysis principles and verification checklists - Output format specifications and skeleton templates - DFD diagram conventions and TMT element taxonomy
- Fix SKILL.md description: use single-quoted scalar, rename mode (2) to 'Incremental analysis' with accurate description - Replace 'Compare Mode (Deprecated)' sections with 'Comparing Commits or Reports' redirect (no deprecated language for first release) - Fix skeleton-findings.md: move Tier 1 table rows under header, add CONDITIONAL-EMPTY block after END-REPEAT (matching Tier 2/3 structure) - Fix skeleton-threatmodel.md and skeleton-architecture.md: use 4-backtick outer fences to avoid nested fence conflicts with inner mermaid fences - Fix skeleton-incremental-html.md: correct section count from 9 to 8 - Fix output-formats.md: change status 'open' to 'Open' in JSON example, move stride_category warning outside JSON fence as blockquote - Fix incremental-orchestrator.md: replace stale compare-output-formats.md reference with inline color conventions - Regenerate docs/README.skills.md with updated description
cheguv
force-pushed
the
add-threat-model-analyst-skill
branch
from
fea6cb2 to
591a7c0
Compare
- Fix diagram-conventions.md: bidirectional flow notation now uses <--> matching orchestrator.md and DFD templates - Fix tmt-element-taxonomy.md: normalize SE.DF.SSH/LDAP/LDAPS to use SE.DF.TMCore.* prefix consistent with all other data flow IDs - Fix output-formats.md: correct TMT category example from SQLDatabase to SQL matching taxonomy, fix component type from 'datastore' to 'data_store' matching canonical enum, remove DaprSidecar from inbound_from per no-standalone-sidecar rule - Fix 5 skeleton files: clarify VERBATIM instruction to 'copy the template content below (excluding the outer code fence)' to prevent agents from wrapping output in markdown fences - Genericize product-specific names in examples: replace edgerag with myapp, BitNetManager with TaskProcessor, AzureLocalMCP with MyApp.Core, AzureLocalInfra with OnPremInfra, MilvusVectorDB with VectorDB
cheguv
force-pushed
the
add-threat-model-analyst-skill
branch
2 times, most recently
from
8218d0b to
91e7dba
Compare
- Fix diagram-conventions.md: second bidirectional two-arrow pattern in Quick Reference section now uses <--> - Fix incremental-orchestrator.md: renumber HTML sections 5-9 to 4-8 matching skeleton-incremental-html.md 8-section structure - Fix output-formats.md: add incremental-comparison.html to File List as conditional output for incremental mode - Fix skeleton-inventory.md: add tmt_type, sidecars, and boundary_kind fields to match output-formats.md JSON schema example
cheguv
force-pushed
the
add-threat-model-analyst-skill
branch
from
91e7dba to
71031ab
Compare
Contributor
Author
Hi @aaronpowell fixed the comments and did few more iterations. I see many of these are good to have changes versus actually causing the problems. |
aaronpowell
approved these changes
Mar 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a comprehensive threat-model-analyst Agent Skill that performs security audits using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and defense-in-depth analysis.
Details on the skill usage : https:/aka.ms/threatmodelanalystvideo
Supported Modes
Bundled Reference Assets (17 files)
Checklist