Skip to main content
security-requirement-extraction Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
npx skills add wshobson/agents --skill security-requirement-extraction agents claude claude-code subagents anthropic automation
Security Requirement Extraction
Transform threat analysis into actionable security requirements.
When to Use This Skill
Converting threat models to requirements
Writing security user stories
Creating security test cases
Building security acceptance criteria
Compliance requirement mapping
Security architecture documentation
Core Concepts
1. Requirement Categories
Business Requirements → Security Requirements → Technical Controls
↓ ↓ ↓
"Protect customer "Encrypt PII at rest" "AES-256 encryption
data" with KMS key rotation"
2. Security Requirement Types
Type Focus Example Functional What system must do "System must authenticate users" Non-functional How system must perform "Authentication must complete in <2s"
Constraint
"Must use approved crypto libraries"
3. Requirement Attributes Attribute Description Traceability Links to threats/compliance Testability Can be verified Priority Business importance Risk Level Impact if not met
Templates and detailed worked examples Full template library lives in references/details.md. Read that file when you need concrete templates for this skill.
Best Practices
Do's
Trace to threats - Every requirement should map to threats
Be specific - Vague requirements can't be tested
Include acceptance criteria - Define "done"
Consider compliance - Map to frameworks early
Review regularly - Requirements evolve with threats
Don'ts
Don't be generic - "Be secure" is not a requirement
Don't skip rationale - Explain why it matters
Don't ignore priorities - Not all requirements are equal
Don't forget testability - If you can't test it, you can't verify it
Don't work in isolation - Involve stakeholders
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Create or update AgentSkills. Use when designing, structuring, or packaging skills with scripts, references, and assets.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).