Initialize a threat modeling project by analyzing architecture documentation. Creates a threat model structure with asset inventory, data flows, trust boundaries, and attack surface mapping. Use when starting new threat modeling work, setting up a threat model for a project, or creating an initial security assessment.
josemlopez/threat-modeling-toolkit
skills/tm-init/SKILL.md
January 22, 2026

```
npx add-skill https://github.com/josemlopez/threat-modeling-toolkit/blob/main/skills/tm-init/SKILL.md -a claude-code --skill tm-init
```

Installation paths:
.claude/skills/tm-init/

# Threat Model Initialization

## Purpose

Initialize a comprehensive threat model by analyzing your system's architecture documentation. This skill discovers and catalogs:

- **Assets**: Systems, data stores, services, and integrations
- **Data Flows**: How data moves between components
- **Trust Boundaries**: Where privilege levels change
- **Attack Surface**: Entry points exposed to potential attackers

## Usage

```
/tm-init [--docs <path>] [--scope <pattern>] [--framework stride|pasta]
```

**Arguments** (parsed from $ARGUMENTS):

- `--docs <path>`: Path to architecture documentation (default: `./docs`)
- `--scope <pattern>`: Limit analysis to matching components
- `--framework`: Threat framework to use (default: `stride`)

## Process

### Step 1: Discover Documentation

Scan the documentation directory for architecture artifacts:

```
Glob patterns to search:
- **/*.md (Markdown documentation)
- **/README* (Project readmes)
- **/openapi.yaml, **/openapi.json (API specs)
- **/swagger.* (Swagger specs)
- **/*.mmd, **/*.puml (Diagrams)
- **/docker-compose.* (Infrastructure)
- **/Dockerfile* (Containerization)
- **/*.tf (Terraform)
- **/k8s/**, **/kubernetes/** (Kubernetes)
```

### Step 2: Extract Assets

For each component found, identify and classify:

**Asset Types**:

| Type | Description | Look For |
|------|-------------|----------|
| `data-store` | Persists data | PostgreSQL, MySQL, MongoDB, Redis, S3, etc. |
| `service` | Backend logic | API servers, microservices, workers |
| `client` | User interfaces | Web apps, mobile apps, CLIs |
| `integration` | External systems | Payment gateways, email services, third-party APIs |
| `infrastructure` | Platform components | Load balancers, CDN, DNS, queues |
| `identity` | Auth systems | IdP, OAuth providers, SSO |
| `secret` | Sensitive material | API keys, certificates, credentials |

**Data Classifications**:

- `public`: Publicly available information
- `internal`: Internal business data
- `confidential`: Sensiti
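
The following is an added example, not code from the toolkit: one way the Step 1 discovery and a first pass of the Step 2 asset extraction could be scripted before review. The names `discover`, `candidate_assets`, `MATCHERS`, `write_sample` and the sample tree are hypothetical, and keyword hits are only candidates for a human to confirm and classify.

```python
import re
import tempfile
from pathlib import Path
# Step 1 globs from the page; a trailing "**" is written "**/*" so files match.
DOC_GLOBS = ["**/*.md", "**/README*", "**/openapi.yaml", "**/openapi.json",
             "**/swagger.*", "**/*.mmd", "**/*.puml", "**/docker-compose.*",
             "**/Dockerfile*", "**/*.tf", "**/k8s/**/*", "**/kubernetes/**/*"]
# Keywords from the "Look For" column of the Step 2 table; only rows naming
# concrete products or protocols are used (assumption of this example).
ASSET_KEYWORDS = {"data-store": ["PostgreSQL", "MySQL", "MongoDB", "Redis", "S3"],
                  "identity": ["IdP", "OAuth", "SSO"]}
# Leading word boundary, no trailing letter: "OAuth2" and "mysql:8" match,
# but "redistribution" is not reported as Redis.
MATCHERS = [(kind, word, re.compile(rf"\b{re.escape(word)}(?![A-Za-z])", re.I))
            for kind, words in ASSET_KEYWORDS.items() for word in words]
# Constructed sample tree, not taken from any real project.
SAMPLE = {
    "README.md": "Terms allow redistribution.\n",
    "docs/architecture.md": "Orders API stores rows in PostgreSQL and caches "
                            "in Redis. Login uses OAuth2 via the corporate IdP.\n",
    "docker-compose.yml": "services:\n  db:\n    image: mysql:8\n",
    "k8s/deploy.yaml": "kind: Deployment\n",
    "src/main.py": "import redis\n",  # source code, matched by no Step 1 glob
}

def write_sample(root):
    for rel, text in SAMPLE.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")

def discover(root):
    """Files under root matching any Step 1 glob, deduplicated and sorted."""
    return sorted({p for g in DOC_GLOBS for p in Path(root).glob(g) if p.is_file()})

def candidate_assets(root):
    """Sorted (asset_type, keyword, relative_path) candidates for human review."""
    hits = set()
    for path in discover(root):
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        hits.update((kind, word, rel) for kind, word, rx in MATCHERS if rx.search(text))
    return sorted(hits)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for hit in candidate_assets(tmp):
            print(*hit, sep="\t")
```

Files that match several globs, such as `README.md`, are reported once, and anything outside the Step 1 patterns is never read.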