What threat modeling frameworks does this skill support?

The skill is specifically optimized for the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) but can be adapted for other modeling methodologies.

Can I export these requirements to project management tools?

Yes, the skill generates requirements in standardized Markdown and user story formats that are easily imported into tools like Jira, GitHub Issues, or Azure DevOps.

How does this skill help with regulatory compliance?

It includes built-in enums and mapping logic for major frameworks like GDPR, HIPAA, PCI DSS, and SOC2, allowing you to tag requirements with specific compliance references.

Does it provide test cases for the requirements?

Absolutely. For every requirement extracted, the skill can generate a test specification including test cases and acceptance criteria verification steps.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: EngineerWithAI

byEngineerWithAI

0•

Security & Testing

Transforms threat models and business context into actionable security requirements and testable user stories.

This skill bridges the gap between high-level threat analysis and technical implementation by automatically deriving specific security requirements from identified threats. It categorizes requirements into functional, non-functional, and constraint types while providing structured templates for building comprehensive security requirement sets. By mapping STRIDE categories to technical controls, it ensures that security is baked into the development lifecycle through clear acceptance criteria, priority levels, and traceable test cases suitable for security-conscious engineering teams.

Key Features

01Creates comprehensive test specifications for security verification

02Produces traceability matrices linking requirements back to specific threats

030 GitHub stars

04Automated threat-to-requirement mapping based on STRIDE categories

05Supports compliance mapping for frameworks like PCI DSS, HIPAA, and GDPR

06Generates security-focused user stories with detailed acceptance criteria

Use Cases

01Generating a security traceability matrix for compliance and architectural audits

02Converting a STRIDE threat model into a developer backlog of security user stories

03Building a suite of security test cases based on derived technical requirements

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add engineerwithai/engineerwith-agents security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill