// Audit AI agent configurations for security risks — excessive permissions, prompt injection surfaces, data exfiltration paths, and missing guardrails. Use when reviewing CLAUDE.md files, MCP configs, agent orchestration code, or any AI agent setup.
Assess agentic AI applications against the OWASP Top 10 for Agentic Applications 2026. Use when reviewing autonomous AI agents, multi-agent systems, or agentic workflows for security risks including goal hijacking, tool misuse, privilege abuse, and rogue agent behavior.
Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
Security review of MCP (Model Context Protocol) server implementations and configurations. Use when auditing MCP server source code, evaluating third-party MCP servers before installation, or reviewing Claude Code MCP integrations for overpermissioning, injection risks, and data exposure.
Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.
Comprehensive API security review against OWASP API Security Top 10 (2023). Use when reviewing OpenAPI/Swagger specs, auditing REST/GraphQL/gRPC implementations, testing authentication mechanisms, or checking API gateway configurations. Covers BOLA/IDOR, broken auth, mass assignment, rate limiting, SSRF, and more with real-world attack scenarios.
Security-focused code review mapped to OWASP Top 10 and ASVS. Use when reviewing pull requests, auditing files or modules for vulnerabilities, or performing pre-merge security gate checks. Covers injection, auth, authorization, cryptography, data exposure, misconfiguration, and deserialization.
| name | agent-security-audit |
| description | Audit AI agent configurations for security risks — excessive permissions, prompt injection surfaces, data exfiltration paths, and missing guardrails. Use when reviewing CLAUDE.md files, MCP configs, agent orchestration code, or any AI agent setup. |
| license | CC-BY-4.0 |
Evaluate an AI agent's security posture by following the full procedure in plays/agent-security-audit.md.
Permission Inventory — Enumerate every tool, MCP server, file system path, network access, and credential the agent has. Flag capabilities beyond what its stated purpose requires.
Prompt Injection Surface Analysis — For each input path (user messages, tool outputs, MCP resources, RAG documents), assess whether crafted input could cause the agent to invoke unintended tools, override instructions, or exfiltrate data.
Excessive Agency Assessment (OWASP LLM06) — Check whether destructive/irreversible actions require confirmation, whether access exceeds need, whether the agent can escalate its own privileges, and whether individually-safe tool calls can chain into harmful outcomes.
Data Exfiltration Path Analysis — Map how sensitive data could leave the agent boundary: secrets passed to external tools, file contents in web requests, cross-MCP-server data forwarding, sensitive data in logs.
Tool-Call Injection Assessment — For each tool: can user-controlled input reach tool parameters unsanitized? Check for command injection, path traversal, SSRF, and SQL injection through agent-constructed calls.
Guardrail Evaluation — Check for system prompt safety instructions, tool call confirmations, output filtering, rate limiting, audit logging, and sandboxing.
Use the finding format from templates/finding.md. Produce a Permission Summary table, Risk Findings, Injection Surface Map, and prioritized Recommendations.
