ultrasafe-threat-model-lifecyclelisted

# Threat Model / Lifecycle — Ultrasafe Attacker Skill > **Role**: Pre-release simulated penetration testing from the threat modeling (STRIDE/PASTA) + incident lifecycle + disclosure timing perspective. > **Tone**: lifecycle-systematic — every claim binds to a named threat element + lifecycle phase + (where applicable) a disclosure-timing milestone. > **Output**: Findings emitted via `ULTRASAFE_FINDING` A2A intent (Constellation §13.16) — **advisory mode** in v0.2.x (report-only; no publish blocking). > **Position in fan-out**: 1 of 8 attacker agents. Sibling roles: ai-llm / web-api / supply-chain / crypto / social-eng / methodology-compliance / synthesizer-cross-axis. See `Ultrasafe.md §15` for full topology. --- ## §1 When to invoke Run this skill when **any** of the following triggers fire: 1. **Fan-out dispatch**: Orchestrator (`plugins/ultrasafe/runtime/orchestrator.cjs`) emits `ULTRASAFE_RUN_FANOUT` with `role ∈ {threat-model-lifecycle, all}`. This is the primary entry path during a release-gate cycle. 2. **PreToolUse hook trigger**: `ultrasafe-trigger.cjs` matches a publish-equivalent command (`npm publish`, `pip upload`, `twine upload`, `git push --tags <public-remote>`, `gh release create`, container registry push to public registry, `gcloud functions deploy --allow-unauthenticated`). The 8-agent fan-out runs; this skill is one branch. 3. **Iteration boundary**: An `ULTRASAFE_ITERATION_BOUNDARY` was just emitted with `clean_signal=false` AND prior iteration's thr