Add tm7-threat-model skill for valid TM7 file generation#2280
Open
prasadgd9022 wants to merge 1 commit into
Open
Add tm7-threat-model skill for valid TM7 file generation#2280prasadgd9022 wants to merge 1 commit into
prasadgd9022 wants to merge 1 commit into
Conversation
Adds a skill that generates valid Microsoft Threat Modeling Tool (.tm7) files using the correct WCF DataContractSerializer format, with a minimal reference file. Includes STRIDE threat generation workflow and a checklist of common serialization mistakes that corrupt .tm7 files. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a skill for generating Microsoft Threat Modeling Tool .tm7 files.
Changes:
- Documents TM7 serialization and STRIDE modeling.
- Adds a bundled TM7 reference model.
- Registers the skill in generated documentation.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
skills/tm7-threat-model/SKILL.md |
Defines generation instructions and serialization examples. |
skills/tm7-threat-model/example-minimal.tm7 |
Provides the reference TM7 model. |
docs/README.skills.md |
Adds the skill catalog entry. |
Comment on lines
+189
to
+193
| Threats go in `<ThreatInstances>` using `<KeyValueOfstringThreatpc_P0_PhBB>`: | ||
|
|
||
| ```xml | ||
| <ThreatInstances> | ||
| <KeyValueOfstringThreatpc_P0_PhBB xmlns:a="...Arrays"> |
Comment on lines
+54
to
+55
| - Custom elements such as `<MetaInformation>`, `<SecurityGaps>`, `<Mitigations>`, | ||
| `<Assumptions>` — they do not exist in the TM7 schema. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a new
tm7-threat-modelskill that generates valid Microsoft Threat Modeling Tool (.tm7) files..tm7files use the WCFDataContractSerializerformat (not generic XML); the Threat Modeling Tool refuses to open files that use a plain-XML structure. This skill documents the exact root element, namespace prefixes, stencil/data-flow/threat serialization, and a checklist of common mistakes that corrupt.tm7files. It bundles a validatedexample-minimal.tm7reference (well-formed, no<?xml?>declaration).This is a clean re-submission of #1660 (which was closed only because it targeted
mainand had a polluted, auto-regenerated diff). This PR targetsstagedand changes only the new skill folder plus its single generated row indocs/README.skills.md.Type of Contribution
Additional Notes
npm run skill:validate→✅ tm7-threat-model is valid.npm run buildregenerateddocs/README.skills.md(single added row).stagedbranch as required.