Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Install
npx agentshq add wshobson/agents --agent security-requirement-extractionDerive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Transform threat analysis into actionable security requirements.
Business Requirements → Security Requirements → Technical Controls
↓ ↓ ↓
"Protect customer "Encrypt PII at rest" "AES-256 encryption
data" with KMS key rotation"
| Type | Focus | Example | | ------------------ | ----------------------- | ------------------------------------- | | Functional | What system must do | "System must authenticate users" | | Non-functional | How system must perform | "Authentication must complete in <2s" | | Constraint | Limitations imposed | "Must use approved crypto libraries" |
| Attribute | Description | | ---------------- | --------------------------- | | Traceability | Links to threats/compliance | | Testability | Can be verified | | Priority | Business importance | | Risk Level | Impact if not met |
Full template library lives in references/details.md. Read that file when you need concrete templates for this skill.