From llm-security
Threat model an LLM / RAG / agentic AI system: map prompts, data sources, tools, identities, and trust boundaries, then enumerate AI-specific threats and mitigations. Use when designing or reviewing a GenAI feature's security.
Slash command: /llm-security:ai-threat-model

Summary shown in Claude's skill listing: A threat model tailored to GenAI: the AI-specific trust boundaries and data flows made explicit, threats enumerated against them, and mitigations mapped — bridging classic threat modeling with the OWASP LLM Top 10.
1. Draw the AI data-flow diagram (security-diagramming:threat-model-dfd), marking the trust boundary between trusted instructions and untrusted content/tool output explicitly.
2. Apply STRIDE (threat-modeling:stride) AND overlay the OWASP LLM Top 10 categories (owasp-llm-top10) — GenAI threats don't all fit STRIDE neatly (e.g. excessive agency, misinformation).
3. Build attack trees (security-diagramming:attack-tree).
4. Risk-rank the threats (threat-modeling:risk-rank) and map mitigations.

Deliverable: a GenAI threat model consisting of the AI DFD + a threat table (element · threat · STRIDE/LLM-Top-10 ref · risk · mitigation) + a top-risks summary. Use security-reporting for the deliverable.
The decisive question for most GenAI systems: where does untrusted content gain
the ability to influence trusted actions? Find every such crossing and constrain
it. For RAG-heavy or agent-heavy systems, the rag-security / agentic-ai-security
plugins go deeper.
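One way to mechanise that decisive question over a small AI DFD, and to emit rows in the element/threat/ref/risk/mitigation shape the workflow above calls for, as an added example that is not part of the llm-security plugin: each DFD element carries a trust level, side-effecting tools are the "trusted actions", and every path from an untrusted element to such a tool is a crossing the model must constrain. The element names, the constructed RAG-plus-tools assistant, the hop-count risk heuristic and the OWASP LLM Top 10 (2025) references are assumptions of this example.

```python
from collections import deque

# Constructed AI DFD model (not the plugin's schema): elements = {name: (trust, side_effect)}
UNTRUSTED, TRUSTED = "untrusted", "trusted"

def crossings(elements, flows):
    """Every path from an untrusted element to a side-effecting tool, i.e. each
    point where untrusted content could influence a trusted action."""
    succ = {}
    for s, d in flows:                       # flows: directed (src, dst) pairs
        succ.setdefault(s, []).append(d)
    found = []
    for start, (trust, _) in elements.items():
        if trust != UNTRUSTED:
            continue
        queue = deque([[start]])
        while queue:
            path = queue.popleft()
            for nxt in succ.get(path[-1], []):
                if nxt in path:              # skip cycles such as llm -> tool -> llm
                    continue
                if elements[nxt][1]:         # reached a side-effecting tool
                    found.append(path + [nxt])
                else:
                    queue.append(path + [nxt])
    return found

def threat_table(elements, flows):
    """One row per crossing, in the page's element/threat/ref/risk/mitigation shape.
    Risk heuristic is constructed: fewer hops before the action = less room to filter."""
    rows = []
    for p in crossings(elements, flows):
        src, action = p[0], p[-1]
        rows.append({
            "element": " -> ".join(p),
            "threat": f"instructions embedded in {src} content steer the model into calling {action}",
            "ref": "STRIDE Tampering/EoP; OWASP LLM01:2025 Prompt Injection, LLM06:2025 Excessive Agency",
            "risk": "high" if len(p) <= 3 else "medium",
            "mitigation": f"treat {src} output as data, not instructions; gate {action} behind an allow-list or user confirmation",
        })
    return rows

# Constructed RAG + tools assistant used as the worked input.
ASSISTANT_ELEMENTS = {
    "user": (TRUSTED, False), "system_prompt": (TRUSTED, False), "llm": (TRUSTED, False),
    "retrieved_docs": (UNTRUSTED, False),  # RAG chunks from shared, writable sources
    "web_search": (UNTRUSTED, False),      # tool whose results are attacker-reachable pages
    "send_email": (TRUSTED, True),         # trusted action with a real-world effect
}
ASSISTANT_FLOWS = [("user", "llm"), ("system_prompt", "llm"), ("retrieved_docs", "llm"),
                   ("llm", "web_search"), ("web_search", "llm"), ("llm", "send_email")]
```

Running `threat_table(ASSISTANT_ELEMENTS, ASSISTANT_FLOWS)` yields two high-risk rows (retrieved_docs and web_search, each reaching send_email via the llm); the trusted user input produces none.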
This is a security threat model (attacker-driven). It does not cover AI
safety — harm to users/society without an attacker (harmful content, bias,
reliability, misuse). For that, run ai-safety:harm-modeling alongside this.
npx claudepluginhub jassics/awesome-claude-security --plugin llm-security