Pattern: Security Threat Review

Category: Quality Assurance
Source: garrytan/gstack (/cso)
Status: Cataloged
Evaluation: RD-0013

When to Use

When an agent, digital talent, or system design needs proactive security analysis — not just code review for bugs, but structured threat modeling. Essential for enterprise client deliverables (STM, regulated industries) and any digital talent handling sensitive data or external integrations.

How It Works

  • OWASP Top 10 scan: Check the artifact against the current OWASP Top 10 categories
    • Injection, broken auth, sensitive data exposure, XXE, broken access control, etc.
    • For agent systems: prompt injection, data exfiltration, scope escalation
  • STRIDE threat modeling: Systematically analyze each component for:
    • Spoofing — can an attacker impersonate a legitimate user or agent?
    • Tampering — can data or instructions be modified in transit?
    • Repudiation — can actions be denied without audit trail?
    • Information disclosure — can sensitive data leak?
    • Denial of service — can the system be overwhelmed?
    • Elevation of privilege — can an attacker gain unauthorized access?
  • Confidence filtering: Only report findings at 8/10+ confidence to avoid noise
  • Remediation guidance: Each finding includes a recommended fix, not just a warning

Example

Before delivering the STM BizTalk migration digital talent, the security threat review pattern analyzes the agent.md for prompt injection vectors (an external user could craft a BizTalk artifact name that injects instructions), checks the file I/O patterns for path traversal risks, and validates that the agent cannot accidentally expose source code in its outputs. Two high-confidence findings are flagged: an unvalidated file path input and a missing output sanitization step.
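As an added illustration (not code from gstack or the STM deliverable), here are the two checks behind the findings above, with the pattern's 8/10 confidence filter applied to the results. The artifact-name allowlist, the Finding fields and the sample inputs are assumptions made for this example.

```python
from __future__ import annotations
import posixpath
import re
from dataclasses import dataclass

CONFIDENCE_THRESHOLD = 8  # the pattern's "8/10+" reporting rule
# Assumed allowlist for artifact names; anything else is treated as untrusted data.
ARTIFACT_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,128}")

@dataclass
class Finding:
    stride: str       # STRIDE category the finding maps to
    confidence: int   # 0-10, as in the pattern's confidence filtering
    description: str
    fix: str          # remediation guidance, never just a warning

def contained_path(base_dir: str, user_path: str) -> str | None:
    """Join user_path under base_dir and return the normalized path only if it
    stays inside base_dir. Rejects absolute inputs, NUL bytes and '..' escapes.
    Pure string check: a real deployment must also resolve symlinks."""
    if not posixpath.isabs(base_dir):
        raise ValueError("base_dir must be absolute")
    if posixpath.isabs(user_path) or "\x00" in user_path:
        return None
    base = posixpath.normpath(base_dir)
    joined = posixpath.normpath(posixpath.join(base, user_path))
    if joined != base and not joined.startswith(base + "/"):
        return None
    return joined

def review_inputs(base_dir: str, artifact_name: str, file_arg: str) -> list[Finding]:
    """Run the two checks from the Example and keep only high-confidence findings."""
    findings: list[Finding] = []
    if not ARTIFACT_NAME_RE.fullmatch(artifact_name):
        findings.append(Finding("Tampering", 9,
            f"artifact name {artifact_name!r} is outside the allowlist and could carry "
            "instructions into the prompt",
            "reject the name, or pass it to the model as quoted data only"))
    elif len(artifact_name) > 64:
        # Weak signal: long names are unusual but not a vulnerability; filtered out.
        findings.append(Finding("Tampering", 5, "unusually long artifact name",
                                "review manually"))
    if contained_path(base_dir, file_arg) is None:
        findings.append(Finding("Information disclosure", 9,
            f"file argument {file_arg!r} escapes the workspace {base_dir}",
            "resolve every path against the workspace root and refuse anything outside it"))
    return [f for f in findings if f.confidence >= CONFIDENCE_THRESHOLD]
```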

Tradeoffs

  • Pro: Structured methodology (STRIDE) prevents ad-hoc security thinking
    Con: Requires security domain knowledge to interpret findings
  • Pro: Confidence filtering reduces false positive noise
    Con: May miss novel attack vectors not in OWASP/STRIDE frameworks
  • Pro: Proactive — catches issues before deployment
    Con: Adds time to the delivery pipeline
  • Pro: Enterprise clients expect this level of diligence
    Con: Agent-specific threats (prompt injection) evolve rapidly

Factory Usage

  • Quinn (QA Engineer): Run as part of the QA gate for enterprise digital talents
  • Clara (CTO): Review findings for architectural implications
  • Extends: Guardrails and Safety pattern (tool-use/guardrails-and-safety.md) with structured methodology