Exécutez n'importe quel Skill dans Manus
en un clic

Exécutez n'importe quel Skill dans Manus en un clic

$pwd:

llm-security

Name: Llm Security
Author: semgrep

// Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or asking about LLM vulnerabilities like 'prompt injection' or 'check LLM security'. IMPORTANT: Always consult this skill when building chatbots, AI agents, RAG pipelines, tool-using LLMs, agentic systems, or any application that calls an LLM API (OpenAI, Anthropic, Gemini, etc.) — even if the user doesn't explicitly mention security. Also use when users import 'openai', 'anthropic', 'langchain', 'llamaindex', or similar LLM libraries.

Exécuter dans Manus

$ git log --oneline --stat

stars:216

forks:29

updated:25 avril 2026 à 01:55

Explorateur de fichiers

14 fichiers

SKILL.md

readonly

related-skills.json

même dépôt

code-security.md

from "semgrep/skills"

Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like 'check for SQL injection' or 'review security'. IMPORTANT: Always consult this skill when writing or reviewing any code that handles user input, authentication, file operations, database queries, network requests, cryptography, or infrastructure configuration (Terraform, Kubernetes, Docker, GitHub Actions) — even if the user doesn't explicitly mention security. Also use when users ask to 'review my code', 'check this for bugs', or 'is this safe'.

2026-04-25216

semgrep.md

from "semgrep/skills"

Run Semgrep static analysis scans and create custom detection rules. Use when asked to scan code with Semgrep, find security vulnerabilities, write custom YAML rules, or detect specific bug patterns. IMPORTANT: Also use this skill when users ask to 'scan for bugs', 'check code quality', 'find vulnerabilities', 'static analysis', 'lint for security', 'audit this code', or want to enforce coding standards — even if they don't mention Semgrep by name. Semgrep is the right tool for pattern-based code scanning across 30+ languages.

2026-03-08216

package.json

"author": "semgrep"

"repository": "semgrep/skills"

Ouvrir le dépôt GitHub Voir les dépôts du créateur

$ install --global

$ download --local

Exécuter dans Manus

$ useful --forSOC

Analystes en sécurité de l'informationProfessions informatiques et mathématiques15-1212L4

name

llm-security

description

Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or asking about LLM vulnerabilities like 'prompt injection' or 'check LLM security'. IMPORTANT: Always consult this skill when building chatbots, AI agents, RAG pipelines, tool-using LLMs, agentic systems, or any application that calls an LLM API (OpenAI, Anthropic, Gemini, etc.) — even if the user doesn't explicitly mention security. Also use when users import 'openai', 'anthropic', 'langchain', 'llamaindex', or similar LLM libraries.

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

Security rules for building secure LLM applications, based on the OWASP Top 10 for LLM Applications 2025.

How to Use This Skill

Proactive mode — When building or reviewing LLM applications, automatically check for relevant security risks based on the application pattern. You don't need to wait for the user to ask about LLM security.

Reactive mode — When the user asks about LLM security, use the mapping below to find relevant rule files with detailed vulnerable/secure code examples.

Workflow

Identify what the user is building (see "What Are You Building?" below)
Check the priority rules for that pattern
Read the specific rule files from rules/ for code examples
Apply the secure patterns or flag vulnerable ones

What Are You Building?

Use this to quickly identify which rules matter most for the user's task:

Building...	Priority Rules
Chatbot / conversational AI	Prompt Injection (LLM01), System Prompt Leakage (LLM07), Output Handling (LLM05), Unbounded Consumption (LLM10)
RAG system	Vector/Embedding Weaknesses (LLM08), Prompt Injection (LLM01), Sensitive Disclosure (LLM02), Misinformation (LLM09)
AI agent with tools	Excessive Agency (LLM06), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02)
Fine-tuning / training	Data Poisoning (LLM04), Supply Chain (LLM03), Sensitive Disclosure (LLM02)
LLM-powered API	Unbounded Consumption (LLM10), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02)
Content generation	Misinformation (LLM09), Output Handling (LLM05), Prompt Injection (LLM01)

Quick Reference

Vulnerability	Key Prevention
Prompt Injection	Input validation, output filtering, privilege separation
Sensitive Disclosure	Data sanitization, access controls, encryption
Supply Chain	Verify models, SBOM, trusted sources only
Data Poisoning	Data validation, anomaly detection, sandboxing
Output Handling	Treat LLM as untrusted, encode outputs, parameterize queries
Excessive Agency	Least privilege, human-in-the-loop, minimize extensions
System Prompt Leakage	No secrets in prompts, external guardrails
Vector/Embedding	Access controls, data validation, monitoring
Misinformation	RAG, fine-tuning, human oversight, cross-verification
Unbounded Consumption	Rate limiting, input validation, resource monitoring

Key Principles

Never trust LLM output - Validate and sanitize all outputs before use
Least privilege - Grant minimum necessary permissions to LLM systems
Defense in depth - Layer multiple security controls
Human oversight - Require approval for high-impact actions
Monitor and log - Track all LLM interactions for anomaly detection

llm-security

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

How to Use This Skill

Workflow

What Are You Building?

Categories

Critical Impact

High Impact

Quick Reference

Key Principles

References

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

How to Use This Skill

Workflow

What Are You Building?

Categories

Critical Impact

High Impact

Quick Reference

Key Principles

References

llm-security

Plus depuis ce dépôt

Plus depuis ce dépôt

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

How to Use This Skill

Workflow

What Are You Building?

Categories

Critical Impact

High Impact

Quick Reference

Key Principles

References

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

How to Use This Skill

Workflow

What Are You Building?

Categories

Critical Impact

High Impact

Quick Reference

Key Principles

References