Agent skill

threat-model-generation

Generate or refresh a STRIDE-based threat model for the current repository using Bug Hunter-native artifacts. Use whenever the repository has no threat model yet, the architecture changed materially, a security review needs fresh trust-boundary context, or the user explicitly asks for a threat model.

Stars 114
Forks 6

Install this agent skill to your Project

npx add-skill https://github.com/codexstar69/bug-hunter/tree/main/skills/threat-model-generation

SKILL.md

Threat Model Generation

This is a bundled local Bug Hunter companion skill. It generates portable threat-model artifacts under .bug-hunter/.

Purpose

Create the security context that the other security skills depend on:

  • trust boundaries
  • major components
  • STRIDE threats
  • vulnerability pattern library
  • severity/config defaults

Required outputs

Write:

  • .bug-hunter/threat-model.md
  • .bug-hunter/security-config.json

Workflow

  1. Read .bug-hunter/triage.json, if available, for file-structure and domain hints.
  2. Inspect the repository to identify:
    • languages and frameworks
    • public/authenticated/internal entry points
    • data stores and external integrations
    • sensitive assets and trust boundaries
  3. Generate a concise STRIDE threat model.
  4. Generate a matching security config with thresholds and tech-stack metadata.
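A minimal pass over steps 2 to 4 of this workflow, as an added example (not Bug Hunter's own code and not its prompts/threat-model.md format): the repository is given as an in-memory path-to-text dict so it runs offline, the route/auth/data-store heuristics are assumptions, and so is the shape of the security-config dict.

```python
import re

# Assumed heuristics (not Bug Hunter's): Flask-style routes, auth decorators, store imports.
ROUTE_RE = re.compile(r'@app\.route\("([^"]+)"')
AUTH_RE = re.compile(r"@(login_required|jwt_required)")
DATA_STORES = {"psycopg2": "PostgreSQL", "pymongo": "MongoDB", "redis": "Redis"}
# STRIDE threats raised per component kind; kept short so downstream agents can consume it.
STRIDE = {
    "public entry point": ["Spoofing", "Tampering", "Denial of service"],
    "authenticated entry point": ["Elevation of privilege", "Repudiation"],
    "data store": ["Information disclosure", "Tampering"],
}

def inspect_repo(files):
    """Step 2: list entry points (public vs authenticated) and data stores."""
    components = []
    for path, text in files.items():
        for m in ROUTE_RE.finditer(text):
            # Only decorators between this route and its function body count as its auth gate.
            end = text.find("def ", m.end())
            window = text[m.end():end if end >= 0 else None]
            kind = "authenticated entry point" if AUTH_RE.search(window) else "public entry point"
            components.append({"name": m.group(1), "kind": kind, "file": path})
        for module, store in DATA_STORES.items():
            if re.search(rf"^\s*import {module}\b", text, re.M):
                components.append({"name": store, "kind": "data store", "file": path})
    return components

def build_artifacts(files):
    """Steps 3-4: return (threat-model markdown, security-config dict); config schema is assumed."""
    components = inspect_repo(files)
    rows = ["# Threat model (STRIDE)", "", "## Trust boundaries", "",
            "- internet -> public entry points", "- authenticated session -> privileged handlers",
            "- application -> data stores", "", "| Component | Kind | STRIDE threats | File |", "|---|---|---|---|"]
    for c in components:
        rows.append(f"| {c['name']} | {c['kind']} | {', '.join(STRIDE[c['kind']])} | {c['file']} |")
    public = any(c["kind"] == "public entry point" for c in components)
    config = {
        "tech_stack": {"languages": sorted({p.rsplit(".", 1)[-1] for p in files}),  # by extension
                       "data_stores": sorted({c["name"] for c in components if c["kind"] == "data store"})},
        # Report lower-severity findings too when there is an unauthenticated attack surface.
        "thresholds": {"min_report_severity": "low" if public else "medium"},
    }
    return "\n".join(rows), config

# Constructed sample repository (not a real project) so the example runs offline.
SAMPLE_REPO = {
    "app.py": '@app.route("/login")\ndef login(): ...\n\n@app.route("/admin")\n@login_required\ndef admin(): ...\n',
    "db.py": "import psycopg2\n",
}
```

Writing the two return values to .bug-hunter/threat-model.md and .bug-hunter/security-config.json (via json.dump) is left to the caller.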

Existing implementation hooks

Bug Hunter already has a native prompt for this capability:

  • prompts/threat-model.md

Prefer reusing that prompt structure and artifact conventions rather than inventing a second format.

Output rules

  • Keep the threat model short enough for downstream agents to consume.
  • Be specific about trust boundaries and vulnerable code patterns.
  • Keep all artifacts under .bug-hunter/, never .factory/.

Related skills (codexstar69/bug-hunter)

  • referee: Final arbiter for Bug Hunter. Receives Hunter findings and Skeptic challenges, independently re-reads code, and delivers authoritative verdicts with CVSS scoring and proof-of-concept generation for security findings.
  • fixer: Surgical code fixer for Bug Hunter. Implements minimal, precise fixes for verified bugs. Uses doc-lookup (Context Hub + Context7) to verify correct API usage in patches. Respects fix strategy classifications (safe-autofix vs manual-review vs larger-refactor).
  • hunter: Deep behavioral code analysis agent for Bug Hunter. Performs multi-phase scanning to find logic errors, security vulnerabilities, race conditions, and runtime bugs. Uses doc-lookup (Context Hub + Context7) for framework verification. Reports structured JSON findings.
  • skeptic: Adversarial code reviewer for Bug Hunter. Rigorously challenges each reported bug to determine if it's real or a false positive. Uses doc-lookup (Context Hub + Context7) to verify framework claims before disproval. The immune system that kills false positives.
  • commit-security-scan: Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.
  • security-review: Run a focused STRIDE-based security review using Bug Hunter-native artifacts. Use whenever the user asks for a full security audit, repository security review, weekly security scan, PR security review with deeper validation, or wants dependency CVEs and threat-model context combined into one workflow.
