AgentSkillsCN

serverless-vulnerabilities

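OWASP Serverless Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in serverless application environments.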

SKILL.md
--- frontmatter
name: serverless-vulnerabilities
description: OWASP Serverless Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in serverless application environments.
license: MIT
metadata:
  authors: "OWASP Serverless Security Project"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-13"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://owasp.org/www-project-serverless-top-10/"

Serverless Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the Serverless Vulnerabilities skill.

The skill encodes the OWASP Top 10 Serverless Interpretation as structured, machine-readable references that an agent can query to identify, assess, and remediate serverless application security risks.

Normative references (Serverless Top 10)

  1. 00 Vulnerability Index
  2. 01 Injection
  3. 02 Broken Authentication
  4. 03 Sensitive Data Exposure
  5. 04 XML External Entities
  6. 05 Broken Access Control
  7. 06 Security Misconfiguration
  8. 07 Cross-Site Scripting
  9. 08 Insecure Deserialization
  10. 09 Using Components with Known Vulnerabilities
  11. 10 Insufficient Logging and Monitoring

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the Serverless Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP Top 10 2017 numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and category definitions.
      • constants-serverless-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md