一键在 Manus 中运行任何 Skill

$pwd:

llm-risk-assess

Name: Llm Risk Assess
Author: OWASP

// Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.

在 Manus 中运行

$ git log --oneline --stat

stars:78

forks:8

updated:2026年5月17日 20:08

SKILL.md

readonly

name	llm-risk-assess
description	Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
allowed-tools	Read, Grep, Glob, Bash, WebFetch, Agent

LLM Risk Assessment (2025)

Comprehensive evaluation of LLM applications against OWASP Top 10 for LLM Applications 2025. Follow the detailed procedure in plays/llm-risk-assess.md.

Steps

Architecture & Threat Modeling
- Map LLM provider (OpenAI, Anthropic, local models)
- Document data flows: user input → preprocessing → prompt construction → LLM → output processing → actions
- Identify RAG components, tool integrations, memory systems
- Define trust boundaries and attack surfaces
Automated Security Testing
- Run prompt injection probes (Garak, Giskard, custom scripts)
- Test output handling vulnerabilities
- Scan for secrets in prompts and configurations
- Validate vector database security
Assess All 10 OWASP LLM 2025 Risks with attack scenarios:
- LLM01 Prompt Injection — Direct/indirect injection, jailbreaks, goal hijacking, delimiter bypasses
- LLM02 Sensitive Information Disclosure — Training data leakage, PII exposure, system info extraction, memorized secrets
- LLM03 Supply Chain — Model poisoning, malicious dependencies, insecure plugins, provenance issues
- LLM04 Data and Model Poisoning — Training data poisoning, RAG poisoning, embedding manipulation
- LLM05 Improper Output Handling — XSS, command injection, SQLi, path traversal via LLM outputs
- LLM06 Excessive Agency — Unauthorized tool calls, permission escalation, dangerous action chains
- LLM07 System Prompt Leakage — Prompt extraction attacks, secret disclosure, instruction reverse engineering
- LLM08 Vector and Embedding Weaknesses — Adversarial embeddings, retrieval poisoning, similarity attacks
- LLM09 Misinformation — Hallucinations, authoritative presentation, grounding failures, harmful domains
- LLM10 Unbounded Consumption — Token exhaustion, cost attacks, resource exhaustion, DoS
Red Team Testing
- Attempt real-world attack scenarios
- Test defense bypasses and evasion techniques
- Validate guardrails and safety controls

Output

Comprehensive LLM security report:

Architecture diagram with trust boundaries
Risk matrix (all 10 categories with severity/status)
Detailed findings with proof-of-concept examples
Red team test results and bypass techniques
Remediation roadmap with code examples
Defense validation checklist

OWASP References

OWASP Top 10 for LLM Applications 2025
OWASP AI Exchange (owaspai.org)
OWASP AI Testing Guide
OWASP Cheat Sheet: Prompt Injection Prevention
OWASP Prompt Injection Taxonomy (Arcanum)

related-skills.json

同仓库

agent-security-audit.md

from "OWASP/secure-agent-playbook"

Audit AI agent configurations for security risks — excessive permissions, prompt injection surfaces, data exfiltration paths, and missing guardrails. Use when reviewing CLAUDE.md files, MCP configs, agent orchestration code, or any AI agent setup.

2026-05-1778

agentic-ai-risk-assess.md

from "OWASP/secure-agent-playbook"

Assess agentic AI applications against the OWASP Top 10 for Agentic Applications 2026. Use when reviewing autonomous AI agents, multi-agent systems, or agentic workflows for security risks including goal hijacking, tool misuse, privilege abuse, and rogue agent behavior.

2026-05-1778

mcp-server-review.md

from "OWASP/secure-agent-playbook"

Security review of MCP (Model Context Protocol) server implementations and configurations. Use when auditing MCP server source code, evaluating third-party MCP servers before installation, or reviewing Claude Code MCP integrations for overpermissioning, injection risks, and data exposure.

2026-05-1778

prompt-injection-test.md

from "OWASP/secure-agent-playbook"

Test LLM-integrated applications against known prompt injection techniques, evasion methods, and attack intents using the Arcanum PI Taxonomy. Use when red-teaming AI apps, validating guardrails, or deepening LLM01 (Prompt Injection) assessments.

2026-05-1778

api-security-review.md

from "OWASP/secure-agent-playbook"

Comprehensive API security review against OWASP API Security Top 10 (2023). Use when reviewing OpenAPI/Swagger specs, auditing REST/GraphQL/gRPC implementations, testing authentication mechanisms, or checking API gateway configurations. Covers BOLA/IDOR, broken auth, mass assignment, rate limiting, SSRF, and more with real-world attack scenarios.

2026-05-1778

code-review-security.md

from "OWASP/secure-agent-playbook"

Security-focused code review mapped to OWASP Top 10 and ASVS. Use when reviewing pull requests, auditing files or modules for vulnerabilities, or performing pre-merge security gate checks. Covers injection, auth, authorization, cryptography, data exposure, misconfiguration, and deserialization.

2026-05-1778

package.json

"author": "OWASP"

"repository": "OWASP/secure-agent-playbook"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

信息安全分析师计算机与数学类职业15-1212L4

name	llm-risk-assess
description	Comprehensive LLM security assessment against OWASP Top 10 for LLM Applications 2025. Use when reviewing LLM-integrated applications, RAG pipelines, chatbots, AI agents, or GenAI features. Covers prompt injection, data poisoning, supply chain, excessive agency, and more with real-world attack scenarios and testing methodologies.
allowed-tools	Read, Grep, Glob, Bash, WebFetch, Agent

LLM Risk Assessment (2025)

Comprehensive evaluation of LLM applications against OWASP Top 10 for LLM Applications 2025. Follow the detailed procedure in plays/llm-risk-assess.md.

Steps

Architecture & Threat Modeling
- Map LLM provider (OpenAI, Anthropic, local models)
- Document data flows: user input → preprocessing → prompt construction → LLM → output processing → actions
- Identify RAG components, tool integrations, memory systems
- Define trust boundaries and attack surfaces
Automated Security Testing
- Run prompt injection probes (Garak, Giskard, custom scripts)
- Test output handling vulnerabilities
- Scan for secrets in prompts and configurations
- Validate vector database security
Assess All 10 OWASP LLM 2025 Risks with attack scenarios:
- LLM01 Prompt Injection — Direct/indirect injection, jailbreaks, goal hijacking, delimiter bypasses
- LLM02 Sensitive Information Disclosure — Training data leakage, PII exposure, system info extraction, memorized secrets
- LLM03 Supply Chain — Model poisoning, malicious dependencies, insecure plugins, provenance issues
- LLM04 Data and Model Poisoning — Training data poisoning, RAG poisoning, embedding manipulation
- LLM05 Improper Output Handling — XSS, command injection, SQLi, path traversal via LLM outputs
- LLM06 Excessive Agency — Unauthorized tool calls, permission escalation, dangerous action chains
- LLM07 System Prompt Leakage — Prompt extraction attacks, secret disclosure, instruction reverse engineering
- LLM08 Vector and Embedding Weaknesses — Adversarial embeddings, retrieval poisoning, similarity attacks
- LLM09 Misinformation — Hallucinations, authoritative presentation, grounding failures, harmful domains
- LLM10 Unbounded Consumption — Token exhaustion, cost attacks, resource exhaustion, DoS
Red Team Testing
- Attempt real-world attack scenarios
- Test defense bypasses and evasion techniques
- Validate guardrails and safety controls

Output

Comprehensive LLM security report:

Architecture diagram with trust boundaries
Risk matrix (all 10 categories with severity/status)
Detailed findings with proof-of-concept examples
Red team test results and bypass techniques
Remediation roadmap with code examples
Defense validation checklist

OWASP References

OWASP Top 10 for LLM Applications 2025
OWASP AI Exchange (owaspai.org)
OWASP AI Testing Guide
OWASP Cheat Sheet: Prompt Injection Prevention
OWASP Prompt Injection Taxonomy (Arcanum)

llm-risk-assess

LLM Risk Assessment (2025)

Steps

Output

OWASP References

同仓库更多 Skills

同仓库更多 Skills

LLM Risk Assessment (2025)

Steps

Output

OWASP References