Threat Model Generation FAQs

Question 1

When is the best time to run the Threat Model Generation skill?

Accepted Answer

It is best used during initial project setup, after significant architectural or API changes, or as part of a periodic security audit to ensure your threat model remains current.

Question 2

Can I use this skill for compliance purposes?

Accepted Answer

Absolutely. You can provide specific compliance frameworks like SOC2, GDPR, or HIPAA as inputs to ensure the generated threat model addresses relevant regulatory requirements.

Question 3

Does this skill support specific programming languages?

Accepted Answer

Yes, it automatically scans your repository to detect languages and frameworks (like Next.js, Django, or Go) and tailors its vulnerability pattern library accordingly.

Question 4

What outputs are generated by this process?

Accepted Answer

The skill generates two primary files: a detailed .factory/threat-model.md for human and LLM review, and a .factory/security-config.json for machine-readable security metadata.

Question 5

What is the STRIDE methodology used by this skill?

Accepted Answer

STRIDE is a comprehensive threat modeling framework that identifies security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Threat Model Generation

Key Features

Use Cases

Threat Model Generation

Key Features

Use Cases