Workflow Prompts

Agentic capabilities in SD Elements are delivered through Workflow Prompts (also known as Skills). While the MCP server provides the underlying tools, a Workflow Prompt defines the higher-level orchestration—how those tools are used together to accomplish a defined outcome. A Workflow Prompt guides an agent through structured, multi-step, repeatable reasoning across SD Elements concepts, replacing fragmented manual steps or brittle scripts with governed automation.

Available Workflows

Set Up Security Plan from Existing Codebase - /configure-survey-and-generate-specs

Analyze a source code repository to create an SDE project, collect applicable security requirements and countermeasures in SD Elements, and create an agentic security mitigation plan.

Key Functions:

  • Completes SD Elements survey with evidence from repository analysis.

  • Supports risk policy selection for threat modeling alignment with compliance.

  • Retrieves and organizes actionable security countermeasures.

  • Produces granular security specifications for incremental tracking and completion.

  • Preserves existing project content, avoiding overwriting prior configuration.

This workflow prompt is typically the starting point for teams working from an existing codebase.

Create a Security Plan from Design Documents - /new-secure-application-from-spec-files

Interpret application specifications to generate an agentic initial risk-mitigation plan and scaffolding before full implementation.

Key Functions:

  • Processes SDLC documents (PRDs, requirements, design, architecture).

  • Supports sources: local files, Confluence, or Jira.

  • Completes SD Elements project survey using specification content.

  • Retrieves relevant security countermeasures based on project context/risk.

  • Generates initial project scaffold with security guidance.

This workflow prompt is designed for greenfield projects and early design-stage workflows, allowing teams to begin threat modeling before code exists.

Apply Security Fixes to Codebase - /apply-fixes-from-security-specs

Leveraging AI SAST, the system reviews changes within the repository to suggest iterative updates. This ensures that project requirements remain consistently aligned with the evolving codebase.

Key Functions:

  • Reads specifications and applies fixes to source code.

  • Supports flexible fix application: broadly or in controlled steps.

  • Allows incremental work with individual change review/approval.

  • Records progress to SD Elements with notes for visibility and auditability.

  • Supports resuming interrupted work.

  • Provides clearer progress reporting.

This workflow prompt is best used after security specifications have been generated and reviewed.

Customization and Flexibility

Workflow Prompts will be managed in the existing SD Elements content library, which makes them easy to customize, manage, and distribute across teams. Because these particles skills are defined in simple Markdown (SKILL.md) files, they are fully transparent and customizable.

  • Edit Existing Skills: You can adjust the instructions, add new verification steps, or modify the MCP tool calls in any existing skill to better match your team’s specific processes.

  • Create Custom Workflows: You can easily create your own SKILL.md files from scratch to automate other security tasks or create entirely new workflows tailored to your organization’s needs. This allows you to build a library of custom, automated security processes that your team can rely on.

Usage Notes

  • Best used for accelerating project planning and ongoing alignment.

  • Outputs may vary depending on model capability.

  • Larger models typically perform better for complex repositories.

  • To build your own Skills, refer to this documentation for assistance.

results matching ""

    No results matching ""