From b7d42a9e22da6e395be8a6e5ae78f1dfc97774d8 Mon Sep 17 00:00:00 2001 From: Samal Date: Sat, 25 Apr 2026 19:56:59 -0700 Subject: [PATCH 1/5] feat: add threatmodel extension to community catalog --- extensions/catalog.community.json | 32 +++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 8761682c17..ff149171e0 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -2060,6 +2060,38 @@ "created_at": "2026-04-10T00:00:00Z", "updated_at": "2026-04-10T00:00:00Z" }, + "threatmodel": { + "name": "OWASP LLM Threat Model", + "id": "threatmodel", + "description": "OWASP Top 10 for LLM Applications 2025 threat analysis on agent artifacts", + "author": "NaviaSamal", + "version": "1.0.0", + "download_url": "https://github.com/NaviaSamal/spec-kit-threatmodel/archive/refs/tags/v1.0.0.zip", + "repository": "https://github.com/NaviaSamal/spec-kit-threatmodel", + "homepage": "https://github.com/NaviaSamal/spec-kit-threatmodel", + "documentation": "https://github.com/NaviaSamal/spec-kit-threatmodel/blob/main/README.md", + "changelog": "https://github.com/NaviaSamal/spec-kit-threatmodel/blob/main/CHANGELOG.md", + "license": "MIT", + "requires": { + "speckit_version": ">=0.6.0" + }, + "provides": { + "commands": 1, + "hooks": 1 + }, + "tags": [ + "security", + "owasp", + "threat-model", + "llm", + "analysis" + ], + "verified": false, + "downloads": 0, + "stars": 0, + "created_at": "2026-04-25T00:00:00Z", + "updated_at": "2026-04-25T00:00:00Z" + }, "v-model": { "name": "V-Model Extension Pack", "id": "v-model", From 1f516508334ef24e0271158c3558c1c5a1c6a4fa Mon Sep 17 00:00:00 2001 From: Samal Date: Mon, 27 Apr 2026 10:13:04 -0700 Subject: [PATCH 2/5] update timestamp for catalogue freshness --- extensions/catalog.community.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index ff149171e0..8f1af52f13 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1,6 +1,6 @@ { "schema_version": "1.0", - "updated_at": "2026-04-17T02:00:00Z", + "updated_at": "2026-04-25T00:00:00Z", "catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json", "extensions": { "aide": { From 8c4f4a3fe835ae00504338512f2d2125a8b2cfed Mon Sep 17 00:00:00 2001 From: Samal Date: Mon, 27 Apr 2026 10:15:46 -0700 Subject: [PATCH 3/5] update timestamp for catalogue freshness --- extensions/catalog.community.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 8f1af52f13..7df6d0bda0 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1,6 +1,6 @@ { "schema_version": "1.0", - "updated_at": "2026-04-25T00:00:00Z", + "updated_at": "2026-04-27T00:00:00Z", "catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json", "extensions": { "aide": { From b9a89aafca3c9c1b6328f2ccdb4c7379f9487662 Mon Sep 17 00:00:00 2001 From: NaviaSamal Date: Tue, 28 Apr 2026 14:32:42 -0700 Subject: [PATCH 4/5] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- extensions/catalog.community.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 7933550870..b26b592e31 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1,6 +1,6 @@ { "schema_version": "1.0", - "updated_at": "2026-04-27T00:00:00Z", + "updated_at": "2026-04-28T12:00:00Z", "catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json", "extensions": { "aide": { From ac2d72bbeda319cd185407ea69f7b744d82c00b2 Mon Sep 17 00:00:00 2001 From: NaviaSamal Date: Tue, 28 Apr 2026 14:42:44 -0700 Subject: [PATCH 5/5] Update README.md update readme.md with spec-kit-threatmodel --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 419e7f919a..81d74903e5 100644 --- a/README.md +++ b/README.md @@ -233,6 +233,7 @@ The following community-contributed extensions are available in [`catalog.commun | MemoryLint | Agent memory governance tool: Automatically audits and fixes boundary conflicts between AGENTS.md and the constitution. | `process` | Read+Write | [memorylint](https://github.com/RbBtSn0w/spec-kit-extensions/tree/main/memorylint) | | Onboard | Contextual onboarding and progressive growth for developers new to spec-kit projects. Explains specs, maps dependencies, validates understanding, and guides the next step | `process` | Read+Write | [spec-kit-onboard](https://github.com/dmux/spec-kit-onboard) | | Optimize | Audit and optimize AI governance for context efficiency — token budgets, rule health, interpretability, compression, coherence, and echo detection | `process` | Read+Write | [spec-kit-optimize](https://github.com/sakitA/spec-kit-optimize) | +| OWASP LLM Threat Model | OWASP Top 10 for LLM Applications 2025 threat analysis on agent artifacts | `code` | Read-only | [spec-kit-threatmodel](https://github.com/NaviaSamal/spec-kit-threatmodel) | | Plan Review Gate | Require spec.md and plan.md to be merged via MR/PR before allowing task generation | `process` | Read-only | [spec-kit-plan-review-gate](https://github.com/luno/spec-kit-plan-review-gate) | | PR Bridge | Auto-generate pull request descriptions, checklists, and summaries from spec artifacts | `process` | Read-only | [spec-kit-pr-bridge-](https://github.com/Quratulain-bilal/spec-kit-pr-bridge-) | | Presetify | Create and validate presets and preset catalogs | `process` | Read+Write | [presetify](https://github.com/mnriem/spec-kit-extensions/tree/main/presetify) |