Context
The Phase 1 threat-modeling integration plan adds itemdb/notes/threat-model.md as a required Phase 1b artifact. The initial implementation will explicitly wire this artifact into Phase 2 and Phase 3, but Phase 5 consumption is intentionally deferred.
Phase 5 exploitation could use the threat model to keep exploit attempts realistic and scoped.
Proposal
Update Phase 5 prompts and supporting checks, where appropriate, so exploitation planning considers:
- attacker capabilities and explicit non-capabilities,
- documented exploit preconditions,
- trust boundaries crossed by the confirmed finding,
- affected assets and security objectives,
- existing controls that may narrow exploitability,
- open assumptions that would change exploit feasibility.
Acceptance criteria
- Phase 5 prompt explicitly references itemdb/notes/threat-model.md when present.
- Exploitation attempts do not assume capabilities contradicted by the threat model.
- Exploit documentation records material threat-model assumptions affecting feasibility.
- Existing Phase 5 behavior remains compatible with projects that do not yet have threat-model artifacts.
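One way a supporting check could enforce the criteria above, as an added sketch that is not part of this issue or the project's code. The section headings inside threat-model.md, the exact-match comparison and every function name are assumptions, since the issue does not define the artifact's layout.

```python
import re
from pathlib import Path

THREAT_MODEL = Path("itemdb/notes/threat-model.md")  # path named in the issue
# Assumed heading names; the issue does not define the artifact's layout.
SECTIONS = {"capabilities": "Attacker capabilities",
            "non_capabilities": "Attacker non-capabilities",
            "open_assumptions": "Open assumptions"}

def parse_threat_model(text):
    """Collect the bullet items under each assumed '## <heading>' section."""
    by_heading, current = {}, None
    for line in text.splitlines():
        heading = re.match(r"^##\s+(.*\S)\s*$", line)
        bullet = re.match(r"^\s*[-*]\s+(.*\S)\s*$", line)
        if heading:
            current = heading.group(1).lower()
            by_heading[current] = []
        elif bullet and current is not None:
            by_heading[current].append(bullet.group(1).lower())
    return {key: by_heading.get(title.lower(), []) for key, title in SECTIONS.items()}

def check_plan(assumed_capabilities, model_text):
    """Return (status, contradicted, assumptions_to_record) for an exploit plan."""
    if model_text is None:
        return ("no-threat-model", [], [])  # no artifact: keep existing behaviour
    model = parse_threat_model(model_text)
    denied = set(model["non_capabilities"])
    # Hypothetical rule: a plan item is contradicted on a case-insensitive exact match.
    contradicted = [c for c in assumed_capabilities if c.lower() in denied]
    status = "contradicted" if contradicted else "ok"
    return (status, contradicted, model["open_assumptions"])

def load_model(root="."):
    """Read the artifact when present; None keeps older projects working."""
    path = Path(root) / THREAT_MODEL
    return path.read_text(encoding="utf-8") if path.is_file() else None

# Constructed sample artifact, for illustration only.
SAMPLE = """# Threat model
## Attacker capabilities
- Unauthenticated network access
## Attacker non-capabilities
- Local shell access
## Open assumptions
- Reverse proxy strips X-Forwarded-For
"""
if __name__ == "__main__":
    plan = ["unauthenticated network access", "local shell access"]
    print(check_plan(plan, SAMPLE), check_plan(plan, load_model()))
```

The third tuple element is what exploit documentation would record as open assumptions affecting feasibility.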