llm-vulnerabilities

OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems.

SKILL.md
---
name: llm-vulnerabilities
description: OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems.
license: MIT
metadata:
  authors: "OWASP LLM Applications Security Initiative"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-13"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/"
---

LLM Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the LLM Vulnerabilities skill.

The skill encodes the OWASP Top 10 for LLM Applications (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate security risks in large language model systems.

Normative references (LLM Top 10), numbered as in the OWASP LLM Applications list

  • 00 Vulnerability Index
  • 01 Prompt Injection
  • 02 Sensitive Information Disclosure
  • 03 Supply Chain
  • 04 Data and Model Poisoning
  • 05 Improper Output Handling
  • 06 Excessive Agency
  • 07 System Prompt Leakage
  • 08 Vector and Embedding Weaknesses
  • 09 Misinformation
  • 10 Unbounded Consumption

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the LLM Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP LLM Applications numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and category definitions.
      • constants-llm-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md