skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
wshobson/agents15k installs

security-requirement-extraction

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

How do I install this agent skill?

npx skills add https://github.com/wshobson/agents --skill security-requirement-extraction
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    The skill provides Python templates and structural guidance for extracting security requirements from threat models. It contains no executable code, network activity, or sensitive data access, posing no security risk.

  • Socketpass

    No alerts

  • Snykpass

    Risk: LOW · No issues

  • Runlayerpass

    1/1 file flagged

  • ZeroLeakspass

    1 finding · Score: 82/100

What does this agent skill do?

Security Requirement Extraction

Transform threat analysis into actionable security requirements.

When to Use This Skill

  • Converting threat models to requirements
  • Writing security user stories
  • Creating security test cases
  • Building security acceptance criteria
  • Compliance requirement mapping
  • Security architecture documentation

Core Concepts

1. Requirement Categories

Business Requirements → Security Requirements → Technical Controls
         ↓                       ↓                      ↓
  "Protect customer    "Encrypt PII at rest"   "AES-256 encryption
   data"                                        with KMS key rotation"

2. Security Requirement Types

TypeFocusExample
FunctionalWhat system must do"System must authenticate users"
Non-functionalHow system must perform"Authentication must complete in <2s"
ConstraintLimitations imposed"Must use approved crypto libraries"

3. Requirement Attributes

AttributeDescription
TraceabilityLinks to threats/compliance
TestabilityCan be verified
PriorityBusiness importance
Risk LevelImpact if not met

Templates and detailed worked examples

Full template library lives in references/details.md. Read that file when you need concrete templates for this skill.

Best Practices

Do's

  • Trace to threats - Every requirement should map to threats
  • Be specific - Vague requirements can't be tested
  • Include acceptance criteria - Define "done"
  • Consider compliance - Map to frameworks early
  • Review regularly - Requirements evolve with threats

Don'ts

  • Don't be generic - "Be secure" is not a requirement
  • Don't skip rationale - Explain why it matters
  • Don't ignore priorities - Not all requirements are equal
  • Don't forget testability - If you can't test it, you can't verify it
  • Don't work in isolation - Involve stakeholders

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/wshobson/agents/security-requirement-extraction">View security-requirement-extraction on skillZs</a>