home / skills / sickn33 / antigravity-awesome-skills / stride-analysis-patterns

stride-analysis-patterns skill

needs review

This skill helps identify security threats using STRIDE patterns to guide threat modeling, documentation, and security design reviews.

This is most likely a fork of the stride-analysis-patterns skill from xfstudio

npx playbooks add skill sickn33/antigravity-awesome-skills --skill stride-analysis-patterns

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

1.0 KB

---
name: stride-analysis-patterns
description: Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
---

# STRIDE Analysis Patterns

Systematic threat identification using the STRIDE methodology.

## Use this skill when

- Starting new threat modeling sessions
- Analyzing existing system architecture
- Reviewing security design decisions
- Creating threat documentation
- Training teams on threat identification
- Compliance and audit preparation

## Do not use this skill when

- The task is unrelated to stride analysis patterns
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

## Resources

- `resources/implementation-playbook.md` for detailed patterns and examples.

Overview

This skill applies the STRIDE methodology to systematically identify threats across system components, data flows, and user interactions. It delivers categorized threat findings, suggested mitigations, and verification checks to support threat modeling, security reviews, and documentation.

How this skill works

You provide architecture artifacts or a verbal description of the system, assets, and trust boundaries. The skill inspects components and data flows, maps observations to STRIDE categories (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), and generates prioritized findings with concrete mitigation and verification steps. It can produce artifacts for threat-modeling sessions and security documentation.

When to use it

Starting or running a threat modeling session for a new design
Analyzing existing architecture for security gaps
Preparing security documentation for audits or compliance
Reviewing design changes that affect authentication, data flow, or privileges
Training teams to recognize common threat patterns in systems

Best practices

Start with a clear scope: components, trust boundaries, threat actors, and assets
Use data-flow diagrams or component lists to ensure full coverage
Map each finding to a mitigation and a verification step (tests, logs, metrics)
Prioritize threats by impact and exploitability, not just count
Iterate: re-run STRIDE after architecture or threat mitigations change

Example use cases

Threat modeling a microservices architecture to identify authentication and authorization gaps
Reviewing an API platform to find information disclosure and repudiation risks
Assessing a cloud deployment for tampering, DOS, and privilege escalation vectors
Creating audit-ready documentation listing identified threats, mitigations, and verification evidence
Running a training exercise where engineers map real design elements to STRIDE categories

FAQ

What inputs does the skill need?

Provide architecture diagrams or a component and data-flow description, plus scope, trust boundaries, and any known constraints or threat actors.

Will it produce actionable mitigations?

Yes. Each identified threat is paired with concrete mitigations and verification steps such as tests, logging checks, or configuration changes.