# Build Threat Models with pytm

Security teams need repeatable threat models that stay aligned with changing architecture. This skill helps Claude, Codex, and Claude Code guide pytm-based STRIDE analysis and report generation.

## Install

```bash
npx skillstore add agentsecops/pytm
```

## Metadata

- Status: approved
- Slug: agentsecops-pytm
- Version: 0.1.0
- Author: AgentSecOps
- GitHub username: AgentSecOps
- License: MIT
- Repository: https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/threatmodel/pytm
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: medium
- Risk factors: external_commands, network
- Quality score: 74
- Public page: https://skillstore.pages.dev/skills/agentsecops-pytm
- Manifest: https://skillstore.pages.dev/api/skills/agentsecops-pytm/manifest

## Capabilities

- Explains how to define actors, boundaries, components, and data flows in pytm.
- Guides STRIDE review of spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats.
- Shows patterns for web applications, microservices, trust boundaries, and custom threats.
- Provides examples for generating diagrams, reports, and mitigation tracking outputs.
- Describes CI/CD integration for regenerating and checking threat models.

## Use Cases

- Model a Web Application: Create a pytm model for web, application, and database tiers with trust boundaries and encrypted flows.
- Review Microservice Architecture: Map API gateways, services, databases, and cross-boundary flows to identify STRIDE threats early.
- Add Threat Modeling to CI: Use automated checks to regenerate diagrams and identify threats that lack documented mitigations.

## Prompt Templates

### Start a Basic Threat Model

```
Help me create a pytm threat model for a simple web application. Include actors, trust boundaries, components, and key data flows.
```

### Analyze STRIDE Threats

```
Review my pytm model for STRIDE coverage. Identify missing properties, weak assumptions, and threats that need mitigations.
```

### Prepare a CI Workflow

```
Design a CI workflow that runs my pytm threat model, stores diagrams, and flags threats without documented mitigations.
```

### Create Custom Threat Logic

```
Help me define custom pytm threats for my cloud architecture. Include conditions, mitigations, scoring, and review criteria.
```

## Limitations

- It is a guidance-only skill and does not include the referenced helper scripts in the file tree.
- Users must install pytm and graphviz before running examples.
- Generated threats depend on accurate architecture properties and manual validation.
- Threat reports may expose architecture details and require access control.

## Best Practices

- Use placeholders for secrets and sensitive architecture details in models.
- Review generated STRIDE findings with engineers who understand the system.
- Protect generated diagrams and reports because they reveal security architecture.

## Anti-Patterns

- Do not copy privileged install commands into production systems without review.
- Do not treat generated threats as complete without validating model properties.
- Do not publish threat reports that expose internal boundaries or sensitive data flows.

## Security Audit

- Safe to publish: true
- Audited at: 2026-06-28T05:55:59.945+00:00
- Summary: Static analysis reported many command, network, credential, C2, and weak-crypto patterns, but review shows most are markdown examples, security taxonomy terms, or reference links. No prompt injection or malicious intent was found in SKILL.md. The remaining risk is legitimate guidance that includes package installation and sudo commands, so publication should include a command-execution warning.

