AgentSkillsCN

oss-vulnerabilities

OWASP Open Source Software Top 10 vulnerability knowledge base, used to identify, assess, and remediate security risks in open source software dependencies.

SKILL.md
---
name: oss-vulnerabilities
description: OWASP Open Source Software Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in open source software dependencies.
license: MIT
metadata:
  authors: "OWASP Open Source Software Top 10 Project"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-16"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://owasp.org/www-project-open-source-software-top-10/"
---

OSS Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the OSS Vulnerabilities skill.

The skill encodes the OWASP Open Source Software Top 10 as structured, machine-readable references that an agent can query to identify, assess, and remediate risks associated with open source software dependencies.

Normative references (OSS Top 10)

  • 00 Vulnerability Index
  • 01 Known Vulnerabilities
  • 02 Compromise of Legitimate Package
  • 03 Name Confusion Attacks
  • 04 Unmaintained Software
  • 05 Outdated Software
  • 06 Untracked Dependencies
  • 07 License and Regulatory Risk
  • 08 Immature Software
  • 09 Unapproved Change
  • 10 Under/Over-sized Dependency

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the OSS Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP OSS Risk numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and category definitions.
      • constants-oss-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md