Threat Modeling Workbench

## Overview
Threat Modeling Workbench gives security teams and developers a structured end-to-end workflow — from mapping attacker goals to shipping tested controls. It combines attack-tree-construction, security-requirement-extraction, and threat-mitigation-mapping into one cohesive plugin so nothing falls through the cracks between discovery and remediation.

## Quick Start
1. **Map attack paths** — Use `attack-tree-construction` to visualize how an attacker could reach a target. Describe the system and the attacker goal; the skill decomposes it into a structured tree of sub-goals and conditions.
2. **Extract requirements** — Feed the tree output into `security-requirement-extraction`. It translates each threat node into concrete, testable security requirements and user stories your engineering team can act on immediately.
3. **Prioritize controls** — Run `threat-mitigation-mapping` on the requirement list. The skill connects each threat to an appropriate control, scores remediation priority, and produces a plan your team can track.

## Key Commands
- **attack-tree-construction** — Build a visual threat tree for a given attacker goal or system boundary; great for architecture reviews and stakeholder communication.
- **security-requirement-extraction** — Turn raw threat descriptions into structured security requirements, acceptance criteria, and test cases.
- **threat-mitigation-mapping** — Match threats to NIST/CIS controls or custom mitigations; outputs a prioritized remediation backlog ready for sprint planning.

## Tips
- Run all three skills in sequence for a complete threat review: tree → requirements → mitigations.
- Pair with a compliance plugin (e.g., SOC 2 or ISO 27001) to cross-reference extracted requirements against control frameworks automatically.
- Use `attack-tree-construction` early in the design phase to catch architecture-level risks before they reach production.