Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
allowed-tools
Read, Grep, Glob, Bash, WebFetch, Agent
LLM Risk Assessment (2025)
Comprehensive evaluation of LLM applications against OWASP Top 10 for LLM Applications 2025. Follow the detailed procedure in plays/llm-risk-assess.md.
Steps
Architecture & Threat Modeling
Map LLM provider (OpenAI, Anthropic, local models)
Document data flows: user input → preprocessing → prompt construction → LLM → output processing → actions
Identify RAG components, tool integrations, memory systems
Define trust boundaries and attack surfaces
Automated Security Testing
Run prompt injection probes (Garak, Giskard, custom scripts)
Test output handling vulnerabilities
Scan for secrets in prompts and configurations
Validate vector database security
Assess All 10 OWASP LLM 2025 Risks with attack scenarios: