Does it support non-functional security requirements?

Absolutely. It distinguishes between functional requirements (what the system does), non-functional requirements (performance/security attributes), and technical constraints.

Can I export these requirements to my project management tool?

Yes, the skill generates requirements in standard Markdown and user story formats that are easily compatible with tools like Jira, GitHub Issues, or ADO.

Which compliance frameworks are included?

It includes built-in support for mapping requirements to major frameworks including PCI-DSS, HIPAA, GDPR, SOC2, NIST CSF, and OWASP standards.

How does this skill handle threat models?

The skill uses the STRIDE framework to categorize threats and automatically maps them to specific security domains like Cryptography or Input Validation to derive necessary requirements.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: drgaciw

bydrgaciw

0•

Security & Testing

Transforms threat models and business context into actionable security requirements, user stories, and test specifications.

This Claude Code skill bridges the gap between high-level threat analysis and technical implementation by automating the extraction of granular security requirements. Using the STRIDE methodology, it maps potential threats to specific security domains such as authentication, data protection, and audit logging. It is designed for developers and security engineers who need to generate traceable user stories, clear acceptance criteria, and comprehensive test cases to ensure that security is built into the software development lifecycle from the start.

Key Features

01Automated mapping of STRIDE threat categories to security requirements

02Creates detailed security test specifications for verification

03Generates production-ready security user stories with acceptance criteria

040 GitHub stars

05Supports compliance mapping for GDPR, SOC2, HIPAA, and PCI-DSS

06Generates traceability matrices between threats and technical controls

Use Cases

01Converting a manual threat model into a prioritized security backlog

02Building a traceability matrix for regulatory compliance audits

03Generating security acceptance criteria for Agile development sprints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add drgaciw/academic-compliance-hub-glm security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill