mirror of
https://github.com/github/awesome-copilot.git
synced 2026-07-15 18:35:19 +00:00
Add tm7-threat-model skill for valid TM7 file generation (#2280)
* Add tm7-threat-model skill for valid TM7 file generation Adds a skill that generates valid Microsoft Threat Modeling Tool (.tm7) files using the correct WCF DataContractSerializer format, with a minimal reference file. Includes STRIDE threat generation workflow and a checklist of common serialization mistakes that corrupt .tm7 files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address PR review: sanitize reference model, fix dangling refs, move to assets - Move example-minimal.tm7 into assets/ per repo convention (aaronpowell). - Remove personal/corporate metadata from the reference model (Owner, Contributors, ChangedBy domain account, project names). - Make the reference model self-contained: add a second stencil so the data flow and threat SourceGuid/TargetGuid/FlowGuid all resolve to real elements. - Fix SKILL.md threat contract (KeyValueOfstringThreatpc_P0_PhOB with b:-prefixed KnowledgeBase fields) to match the bundled reference. - Reconcile guidance: MetaInformation/Notes/KnowledgeBase are valid schema elements and must be preserved; only SecurityGaps/Mitigations are invalid. - Regenerate docs/README.skills.md and normalize line endings to LF. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address 2nd review: correct KnowledgeBase placement, valid TypeIds, z:Id uniqueness - Document KnowledgeBase as a top-level sibling after ThreatMetaData (not embedded) - Update skeleton to show <ThreatMetaData/>, sibling <KnowledgeBase>, and <Profile> - Replace TypeIds absent from the bundled KB: AzureCosmosDB -> AzureSQLDB, HumanUser -> Mobile, GenericDataFlow -> Request - Require z:Id uniqueness across the file in the common-mistakes checklist Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: exclude *.tm7 exports from codespell MTM DataContract .tm7 exports embed base64 icon blobs whose substrings (oT, bu, wth, mKe, ...) trigger codespell false positives. Skip *.tm7, matching the existing convention for binary/asset files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: prasad <prasaddharaskar@gmail.com> Co-authored-by: Aaron Powell <me@aaron-powell.com>
This commit is contained in:
@@ -376,6 +376,7 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md#adding-skills) for guidelines on how to
|
||||
| [threat-model-analyst](../skills/threat-model-analyst/SKILL.md)<br />`gh skills install github/awesome-copilot threat-model-analyst` | Full STRIDE-A threat model analysis and incremental update skill for repositories and systems. Supports two modes: (1) Single analysis — full STRIDE-A threat model of a repository, producing architecture overviews, DFD diagrams, STRIDE-A analysis, prioritized findings, and executive assessments. (2) Incremental analysis — takes a previous threat model report as baseline, compares the codebase at the latest (or a given commit), and produces an updated report with change tracking (new, resolved, still-present threats), STRIDE heatmap, findings diff, and an embedded HTML comparison. Only activate when the user explicitly requests a threat model analysis, incremental update, or invokes /threat-model-analyst directly. | `references/analysis-principles.md`<br />`references/diagram-conventions.md`<br />`references/incremental-orchestrator.md`<br />`references/orchestrator.md`<br />`references/output-formats.md`<br />`references/skeletons`<br />`references/tmt-element-taxonomy.md`<br />`references/verification-checklist.md` |
|
||||
| [tiny-stepping](../skills/tiny-stepping/SKILL.md)<br />`gh skills install github/awesome-copilot tiny-stepping` | Incremental development workflow that makes the smallest meaningful change per step and pauses for feedback, so the direction gets validated early before continuing. Use for careful, iterative implementation with continuous validation. | None |
|
||||
| [tldr-prompt](../skills/tldr-prompt/SKILL.md)<br />`gh skills install github/awesome-copilot tldr-prompt` | Create tldr summaries for GitHub Copilot files (prompts, agents, instructions, collections), MCP servers, or documentation from URLs and queries. | None |
|
||||
| [tm7-threat-model](../skills/tm7-threat-model/SKILL.md)<br />`gh skills install github/awesome-copilot tm7-threat-model` | Creates valid Microsoft Threat Modeling Tool (.tm7) files compatible with the Microsoft Threat Modeling Tool v7.3+. Use this skill whenever asked to create, generate, or modify a .tm7 threat model file, or when performing STRIDE threat modeling that should output a .tm7 file that opens cleanly in the Microsoft Threat Modeling Tool. | `assets/example-minimal.tm7` |
|
||||
| [transloadit-media-processing](../skills/transloadit-media-processing/SKILL.md)<br />`gh skills install github/awesome-copilot transloadit-media-processing` | Process media files (video, audio, images, documents) using Transloadit. Use when asked to encode video to HLS/MP4, generate thumbnails, resize or watermark images, extract audio, concatenate clips, add subtitles, OCR documents, or run any media processing pipeline. Covers 86+ processing robots for file transformation at scale. | None |
|
||||
| [typescript-mcp-server-generator](../skills/typescript-mcp-server-generator/SKILL.md)<br />`gh skills install github/awesome-copilot typescript-mcp-server-generator` | Generate a complete MCP server project in TypeScript with tools, resources, and proper configuration | None |
|
||||
| [typespec-api-operations](../skills/typespec-api-operations/SKILL.md)<br />`gh skills install github/awesome-copilot typespec-api-operations` | Add GET, POST, PATCH, and DELETE operations to a TypeSpec API plugin with proper routing, parameters, and adaptive cards | None |
|
||||
|
||||
Reference in New Issue
Block a user