Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
インストール
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
allowed-tools
Read, Grep, Glob, Bash, WebFetch, Agent
LLM Risk Assessment (2025)
Comprehensive evaluation of LLM applications against OWASP Top 10 for LLM Applications 2025. Follow the detailed procedure in plays/llm-risk-assess.md.
Steps
Architecture & Threat Modeling
Map LLM provider (OpenAI, Anthropic, local models)
Document data flows: user input → preprocessing → prompt construction → LLM → output processing → actions
Identify RAG components, tool integrations, memory systems
Define trust boundaries and attack surfaces
Automated Security Testing
Run prompt injection probes (Garak, Giskard, custom scripts)
Test output handling vulnerabilities
Scan for secrets in prompts and configurations
Validate vector database security
Assess All 10 OWASP LLM 2025 Risks with attack scenarios: