threat-stack

Audit an AI-agent skill or plugin for supply-chain attacks BEFORE it runs. A thin in-editor wrapper over the pure, never-executing, zero-dependency skillsentry CLI (shipped self-contained in cli/). /skillsentry:audit <target> runs the deterministic auditor over this repo or ANY other repo you are working on and renders a PASS / REVIEW / BLOCK verdict whose findings are tagged to OWASP, MITRE ATLAS and STRIDE. Detection stays inside the deterministic CLI — the plugin never reads-and-judges target files in the agent context, so auditing a hostile repo is safe. The trust anchor of the threat-stack platform.

The agentic threat-intelligence layer of the threat-stack platform. Maps skillsentry's probe set onto STRIDE's six portals plus two EXTRA agentic axes (temporal, cognitive), deals the Elevation-of-Privilege 'threat-modelling poker' deck against the probes to surface ABSENT/THIN cells, and writes a gap analysis (doc/threat-model/). Under the self-improvement covenant it drafts new deterministic RuleSpec data and OPENS A PR — it never decides a verdict and never ships a rule directly; the deterministic test suite and a human are the acceptance gate. STRIDE is the organising lens here — one intelligence source feeding the covenant, not an authority that bypasses the gates.

The front door of the threat-stack platform. Greets whoever opens the repo, explains the value flow (AUDIT ▸ MODEL ▸ EXTEND), lists only the installed plugins and the next command to run, and consolidates each plugin's readiness into one view. A thin orchestrator that delegates to the specialists (skillsentry, threat-modeler, supersize-*) by capability and never re-implements them.

An OPT-IN 'supersize' extension that adds Semgrep static analysis on top of skillsentry's verdict for deeper, language-aware SAST. A SEPARATE product with its own trust statement: it shells out to an external `semgrep` binary if installed (degrading gracefully with install guidance when absent) and is NEVER imported into the skillsentry core, so the auditor's zero-dependency, never-executing, deterministic guarantees remain unqualified. Off by default.