AgentSkillsCN

infrastructure-vulnerabilities

OWASP 基础设施十大漏洞知识库,用于识别、评估并修复内部 IT 基础设施环境中的安全风险。

SKILL.md
--- frontmatter
name: infrastructure-vulnerabilities
description: OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments.
license: MIT
metadata:
  authors: "OWASP Infrastructure Security Project"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-13"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://owasp.org/www-project-top-10-infrastructure-security-risks/"

Infrastructure Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the Infrastructure Vulnerabilities skill.

The skill encodes the OWASP Infrastructure Security Top 10 (2024) as structured, machine-readable references that an agent can query to identify, assess, and remediate infrastructure security risks.

Normative references (Infrastructure Top 10)

  1. 00 Vulnerability Index
  2. 01 Outdated Software
  3. 02 Insufficient Threat Detection
  4. 03 Insecure Configurations
  5. 04 Insecure Resource and User Management
  6. 05 Insecure Use of Cryptography
  7. 06 Insecure Network Access Management
  8. 07 Insecure Authentication Methods and Default Credentials
  9. 08 Information Leakage
  10. 09 Insecure Access to Resources and Management Components
  11. 10 Insufficient Asset Management and Documentation

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the Infrastructure Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP Infrastructure Security numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and category definitions.
      • constants-infrastructure-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md