Run the complete threat modeling workflow from initialization through reporting. Orchestrates all other skills in sequence. Use when performing full threat model analysis, running complete security assessment, or generating comprehensive threat documentation.
View on GitHubjosemlopez/threat-modeling-toolkit
threat-modeling-toolkit
skills/tm-full/SKILL.md
January 22, 2026
Select agents to install to:
npx add-skill https://github.com/josemlopez/threat-modeling-toolkit/blob/main/skills/tm-full/SKILL.md -a claude-code --skill tm-fullInstallation paths:
.claude/skills/tm-full/# Full Threat Modeling Workflow ## Purpose Orchestrate the complete threat modeling workflow in a single command: 1. **Initialize** - Discover assets and architecture 2. **Analyze** - Identify and assess threats 3. **Verify** - Check control implementations 4. **Comply** - Map to frameworks 5. **Report** - Generate comprehensive documentation ## Usage ``` /tm-full [--docs <path>] [--framework stride|pasta] [--compliance <list>] [--output <path>] [--report-level executive|standard|detailed] ``` **Arguments**: - `--docs`: Path to architecture documentation (default: ./docs) - `--framework`: Threat framework (default: stride) - `--compliance`: Compliance frameworks, comma-separated (default: owasp) - `--output`: Output directory (default: .threatmodel) - `--report-level`: Report detail level (default: standard) ## Workflow Steps ``` ┌─────────────────────────────────────────────────────────────┐ │ FULL WORKFLOW │ ├─────────────────────────────────────────────────────────────┤ │ │ │ [1/5] INITIALIZATION │ │ ───────────────────── │ │ • Read architecture documentation │ │ • Extract assets and classify │ │ • Map data flows │ │ • Identify trust boundaries │ │ • Catalog attack surface │ │ • Generate architecture diagrams │ │ │ │ Output: assets.json, dataflows.json, trust-boundaries.json │ │ attack-surface.json, diagrams/*.mmd │ │ │ ├─────────────────────────────────────────────────────────────┤ │