threat-model-lite
by Robotti-io
✨ A customizable copilot-instructions.md ruleset & prompts to guide GitHub Copilot toward secure coding defaults in Java, Node.js, C# and Python. Blocks risky patterns, teaches safe habits.
⭐ 32 · 🍴 9 · 📅 Jan 14, 2026
SKILL.md
name: threat-model-lite
description: Lightweight, repeatable threat modeling for a feature or service with prioritized mitigations.
Use this skill when planning a feature, reviewing an architecture, or preparing security requirements.
Step-by-step process
- Define scope
  - What is being built/changed? What is explicitly out of scope?
- Describe the system
  - Components, identities, data stores, external dependencies
- Identify assets
  - Secrets, PII, money-moving actions, admin capabilities, integrity-critical data
- Map trust boundaries
  - Internet ↔ edge, edge ↔ app, app ↔ data, service ↔ service
- List top threats (ranked)
  - Use STRIDE reasoning; focus on realistic threats
- Mitigations
  - Prevent: validation, authz, rate limiting, encryption
  - Detect: logs, alerts, anomaly detection
  - Respond: rollback, key rotation, incident playbooks
- Residual risk
  - What remains and why; follow-ups
Output template
- System overview
- Data flows (bulleted)
- Assets
- Trust boundaries
- Top threats + mitigations
- Residual risk + next steps
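
A structural check for a finished threat model, added here as an example (it is not part of the skill or of the Robotti-io repository). It assumes the model is written in Markdown with one `## ` heading per template section and each threat as a top-level bullet with indented `Prevent:` / `Detect:` / `Respond:` sub-bullets. Requiring all three layers per threat is this example's policy, and the function names and sample document are constructed.

```python
import re

# Section names and the Prevent/Detect/Respond layers come from the skill text;
# the "## " headings and nested-bullet layout are assumptions of this example.
REQUIRED = ["System overview", "Data flows", "Assets", "Trust boundaries",
            "Top threats + mitigations", "Residual risk + next steps"]
LAYERS = ["Prevent", "Detect", "Respond"]

def split_sections(md):  # map each "## " heading to the lines beneath it
    sections, current = {}, None
    for line in md.splitlines():
        m = re.match(r"##\s+(.*\S)\s*$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections

def lint_threat_model(md):
    """Return a list of findings; an empty list means the document passes."""
    sections = split_sections(md)
    findings = [f"missing or empty section: {name}" for name in REQUIRED
                if not any(l.strip() for l in sections.get(name, []))]
    threats, cur = {}, None
    for line in sections.get("Top threats + mitigations", []):
        m = re.match(r"\s+-\s+(\w+):\s*\S", line)   # indented "Layer: text"
        if line.startswith("- "):                   # top-level bullet = a threat
            cur = threats.setdefault(line[2:].strip(), set())
        elif m and cur is not None and m.group(1) in LAYERS:
            cur.add(m.group(1))
    findings += [f"threat '{t}' has no {layer} mitigation"
                 for t, seen in threats.items() for layer in LAYERS if layer not in seen]
    return findings

# Constructed sample: two sections absent, second threat only has Prevent.
SAMPLE = """\
## System overview
Password reset endpoint for a web app.
## Data flows
- Browser -> edge -> app -> user DB
## Assets
- Reset tokens, account email addresses
## Top threats + mitigations
- Spoofing: reset token guessed
  - Prevent: long random single-use tokens with short expiry
  - Detect: alert on repeated invalid-token attempts
  - Respond: invalidate outstanding tokens, notify the user
- Denial of service: reset-email flooding
  - Prevent: rate limiting per account and per source
"""
```

Calling `lint_threat_model(SAMPLE)` reports the two missing sections and the threat that has prevention but no detection or response; a non-empty result can fail a review gate.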
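Score
Total Score: 65/100
Based on repository quality metrics
- ✓ SKILL.md: a SKILL.md file is included (+20)
- ○ LICENSE: a license is set (0/10)
- ✓ Description: the description is 100 characters or longer (+10)
- ○ Popularity: 100 or more GitHub stars (0/15)
- ✓ Recent activity: updated within the last month (+10)
- ○ Forks: forked 10 or more times (0/5)
- ✓ Issue management: fewer than 50 open issues (+5)
- ✓ Language: a programming language is set (+5)
- ✓ Tags: one or more tags are set (+5)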