Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Rating: 8.1
Installs: 0
Category: Security
This is a high-quality security skill that excels in providing comprehensive task knowledge for extracting security requirements from threat models. The skill includes well-structured Python templates covering data models, threat-to-requirement extraction with STRIDE mappings, compliance framework mapping (PCI-DSS, HIPAA, GDPR, OWASP), and user story generation. The description clearly explains when to invoke the skill (threat model translation, security user stories, test cases). Structure is excellent with clear sections, templates, and best practices. The skill demonstrates strong novelty by automating a complex security engineering task that would typically require significant domain expertise and many tokens from a CLI agent. Minor room for improvement: the description could be slightly more explicit about input format expectations (e.g., threat model structure), and some templates could benefit from concrete usage examples showing end-to-end workflows. Overall, this skill meaningfully reduces the complexity and token cost of deriving actionable security requirements from threats while maintaining strong traceability to compliance frameworks.