一键导入
owasp-asi
OWASP Top 10 for Agentic Applications 2026 (ASI) classification framework. Use for mapping security findings to standardized risk categories.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
OWASP Top 10 for Agentic Applications 2026 (ASI) classification framework. Use for mapping security findings to standardized risk categories.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
当用户要求 AI/Agent 安全评估、蓝军演习、AI 安全审查、提示词注入测试、MCP/Skill/插件/代码包审计、Agent 工具链滥用测试,或需要生成类似渗透测试报告的 Markdown/HTML 时,必须使用本 skill。本 skill 让 Agent 以授权蓝军视角成为 AI 安全专家,面向 AI 产品、Agent、MCP Server、Skill、代码仓库和 AI 基础设施进行安全演习。优先使用第一性原理推理和真实证据,而不是机械跑 payload 库;脚本只用于 HTTP 指纹识别、证据聚合、报告渲染等确定性辅助任务。
Detect direct prompt injection or instruction override via user message (no external content). Focuses on system/role override attempts.
Detect unsafe file handling and path traversal in upload/save/extract flows. Focuses on user-controlled paths or filenames, not data leakage.
Detect hardcoded secrets in code or configuration accessible to the target agent. Focuses on secrets embedded in source, configs, or IaC, not runtime leaks.
Detect persistent instruction injection or long-term memory poisoning. Focus on writing/retaining hostile instructions for future tasks, not data leakage.
A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Uses built-in exec + Python script, no plugin required. Requires AIG_BASE_URL to be configured. Triggers on: scan AI service, AI vulnerability scan, scan AI infra, check CVE, audit AI service, scan MCP, scan skills, audit AI tools, scan agent, red-team LLM, jailbreak test, 扫描AI服务, 检查AI漏洞, 扫描AI工具, 检查MCP安全, 审计Agent, 越狱测试.
基于 SOC 职业分类
| name | owasp-asi |
| description | OWASP Top 10 for Agentic Applications 2026 (ASI) classification framework. Use for mapping security findings to standardized risk categories. |
OWASP Top 10 for Agentic Applications 2026 - Standardized risk classification for AI agent security.
| ID | Risk Type | Key Indicators |
|---|---|---|
| ASI01 | Agent Goal Hijack | Prompt injection, instruction override, goal manipulation |
| ASI02 | Tool Misuse & Exploitation | Unauthorized tool calls, parameter tampering, unvalidated inputs |
| ASI03 | Identity & Privilege Abuse | Auth bypass, permission escalation, missing authorization |
| ASI04 | Agentic Supply Chain | Malicious dependencies, compromised tools, package poisoning |
| ASI05 | Unexpected Code Execution | RCE, command injection, code evaluation |
| ASI06 | Memory & Context Poisoning | Data leakage, context manipulation, memory corruption |
| ASI07 | Insecure Inter-Agent Comm | Unencrypted channels, data exposure between agents |
| ASI08 | Cascading Failures | Error propagation, chain reaction vulnerabilities |
| ASI09 | Human-Agent Trust Exploit | Social engineering, deceptive responses |
| ASI10 | Rogue Agents | Malicious agent behavior, unauthorized actions |
| Detection Source | Type | Primary ASI | Secondary ASI |
|---|---|---|---|
data-leakage-detection | Skill | ASI06, ASI07 | ASI01, ASI03 |
tool-abuse-detection | Skill | ASI02, ASI05, ASI07 | ASI03 |
indirect-injection-detection | Skill | ASI01 | ASI06 |
authorization-bypass-detection | Skill | ASI03 | ASI09 |
| Prompt Injection tests | Dialogue | ASI01, ASI06 | ASI09 |
| Code Audit | Agent | ASI04, ASI05 | ASI10 |
| Finding Type | ASI Category | Rationale |
|---|---|---|
| API keys, tokens | ASI06 | Context contains sensitive data |
| System prompts | ASI01 | Enables goal hijacking |
| Credentials | ASI03 | Identity abuse risk |
| Internal configs | ASI04 | Supply chain exposure |
| PII exposure | ASI07 | Inter-agent data leak |
| Command injection | ASI05 | Unexpected code execution |
| Unauthorized tool calls | ASI02 | Tool misuse |
Action: Immediate remediation (within 24 hours)
Action: Urgent remediation (within 1 week)
Action: Address within 2-4 weeks
Action: Review as time permits
Load this skill when performing OWASP ASI classification:
load_skill(name="owasp-asi")
Then apply the mapping rules to classify findings.