Run any Skill in Manus with one click

$pwd:

pentest-ai-llm-security

Name: Pentest Ai Llm Security
Author: jd-opensource

// AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.

Run Skill in Manus

$ git log --oneline --stat

stars:276

forks:53

updated:February 11, 2026 at 09:17

File Explorer

3 files

SKILL.md

readonly

name	pentest-ai-llm-security
description	AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.

Pentest AI/LLM Security

Purpose

AI-integrated applications introduce entirely new attack surfaces. Prompt injection is the "SQLi of AI." Neither Shannon nor any existing skill addresses this domain. OWASP LLM Top 10 (2025) defines the methodology.

Prerequisites

Authorization Requirements

Written authorization with AI/LLM testing scope explicitly included
Model access details — API endpoints, model versions, tool/function access
Data sensitivity classification — what data the LLM can access
Rate limit awareness — LLM API costs can escalate quickly

Environment Setup

Garak for automated LLM vulnerability scanning
Burp Suite for API interception of LLM requests/responses
Python scripts for custom prompt injection payloads
Local proxy to capture full request/response chains

Core Workflow

Integration Point Discovery: Identify all LLM integration points — chat interfaces, content generation, RAG pipelines, AI search, code completion, summarization.
Direct Prompt Injection: Override system prompts, extract system prompt content, inject instructions that change model behavior.
Indirect Prompt Injection: Embed malicious instructions in documents/emails/web pages the LLM processes, poisoned RAG context.
Data Exfiltration: Extract training data, PII from context windows, other users' conversation history, system config details.
Insecure Output Handling: LLM output rendered as HTML (XSS via LLM), used in SQL queries (SQLi via LLM), used in system commands.
Excessive Agency: LLM with tool access performing unauthorized actions, privilege escalation through tool chains, resource abuse.
Classification: Document findings with OWASP LLM Top 10 (2025) classification and remediation guidance.

OWASP LLM Top 10 (2025) Coverage

Category	Test Focus	Status
LLM01 Prompt Injection	Direct and indirect injection	✅
LLM02 Sensitive Information Disclosure	Data exfiltration, PII leakage	✅
LLM03 Supply Chain	Model provenance, plugin trust	✅
LLM04 Data and Model Poisoning	Training data integrity	✅
LLM05 Improper Output Handling	XSS/SQLi via LLM output	✅
LLM06 Excessive Agency	Unauthorized tool use	✅
LLM07 System Prompt Leakage	System prompt extraction	✅
LLM08 Vector and Embedding Weaknesses	RAG poisoning	✅
LLM09 Misinformation	Hallucination exploitation	✅
LLM10 Unbounded Consumption	Resource exhaustion	✅

Tool Categories

Category	Tools	Purpose
LLM Scanning	Garak, rebuff	Automated prompt injection testing
API Interception	Burp Suite, mitmproxy	LLM API request/response capture
Prompt Fuzzing	Custom Python scripts	Payload generation and testing
Output Analysis	Browser DevTools, Burp	Insecure output rendering detection

References

references/tools.md - Tool function signatures and parameters
references/workflows.md - Attack pattern definitions and test vectors

related-skills.json

same repository

skill-creator.md

from "jd-opensource/JoySafeter"

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends an agent's capabilities with specialized knowledge, workflows, or tool integrations.

2026-03-26276

openclaw-security-checker.md

from "jd-opensource/JoySafeter"

OpenClaw 安全检测工具，基于安全实践指南验证配置安全、权限隔离、网络策略、日志审计和运行时完整性

2026-03-13276

openclaw-threat-detect.md

from "jd-opensource/JoySafeter"

OpenClaw 攻击模式检测工具，识别数据外传、反弹Shell、文件泄露、Prompt注入、供应链投毒等高危行为，支持 MITRE ATT&CK 映射

2026-03-13276

skill-security-auditor.md

from "jd-opensource/JoySafeter"

OpenClaw Skills 全方位安全审计工具，检测供应链投毒、Prompt注入、恶意代码模式、权限越权和依赖风险

2026-03-13276

planning-with-files.md

from "jd-opensource/JoySafeter"

Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls. Now with automatic session recovery after /clear.

2026-02-13276

pentest-api-deep.md

from "jd-opensource/JoySafeter"

Deep OWASP API Security Top 10 testing for REST, GraphQL, gRPC, and WebSocket APIs — BFLA, mass assignment, rate limiting, and unsafe consumption.

2026-02-11276

package.json

"author": "jd-opensource"

"repository": "jd-opensource/JoySafeter"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

Pentest AI/LLM Security

Purpose

Prerequisites

Authorization Requirements

Written authorization with AI/LLM testing scope explicitly included

Model access details — API endpoints, model versions, tool/function access

Data sensitivity classification — what data the LLM can access

Rate limit awareness — LLM API costs can escalate quickly

Environment Setup

Garak for automated LLM vulnerability scanning

Burp Suite for API interception of LLM requests/responses

Python scripts for custom prompt injection payloads

Local proxy to capture full request/response chains

Core Workflow

Integration Point Discovery: Identify all LLM integration points — chat interfaces, content generation, RAG pipelines, AI search, code completion, summarization.

Direct Prompt Injection: Override system prompts, extract system prompt content, inject instructions that change model behavior.

Indirect Prompt Injection: Embed malicious instructions in documents/emails/web pages the LLM processes, poisoned RAG context.

Data Exfiltration: Extract training data, PII from context windows, other users' conversation history, system config details.

Insecure Output Handling: LLM output rendered as HTML (XSS via LLM), used in SQL queries (SQLi via LLM), used in system commands.

Excessive Agency: LLM with tool access performing unauthorized actions, privilege escalation through tool chains, resource abuse.

Classification: Document findings with OWASP LLM Top 10 (2025) classification and remediation guidance.

OWASP LLM Top 10 (2025) Coverage

pentest-ai-llm-security

Pentest AI/LLM Security

Purpose

Prerequisites

Authorization Requirements

Environment Setup

Core Workflow

OWASP LLM Top 10 (2025) Coverage

Tool Categories

References

More from this repository

More from this repository

Pentest AI/LLM Security

Purpose

Prerequisites

Authorization Requirements

Environment Setup

Core Workflow

OWASP LLM Top 10 (2025) Coverage

Tool Categories

References