AgentSkillsCN

owasp-llm-top-10

OWASP移动应用安全十大风险——涵盖iOS与Android应用的安全防护、检测与修复。适用于移动应用的构建与评审:从凭证管理、供应链安全、身份认证、输入与输出验证、通信安全、隐私保护、二进制代码防护、配置管理、数据存储,再到加密算法与数据加密等环节。

SKILL.md
--- frontmatter
name: owasp-llm-top-10
description: "OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption."

OWASP Top 10 for LLM Applications

This skill encodes the OWASP Top 10 for Large Language Model Applications for secure LLM/GenAI design and review. References are loaded per risk. Based on OWASP Top 10 for LLM Applications 2025.

When to Read Which Reference

RiskRead
LLM01 Prompt Injectionreferences/llm01-prompt-injection.md
LLM02 Sensitive Information Disclosurereferences/llm02-sensitive-information-disclosure.md
LLM03 Training Data & Supply Chainreferences/llm03-training-data-supply-chain.md
LLM04 Data and Model Poisoningreferences/llm04-data-model-poisoning.md
LLM05 Improper Output Handlingreferences/llm05-improper-output-handling.md
LLM06 Excessive Agencyreferences/llm06-excessive-agency.md
LLM07 System Prompt Leakagereferences/llm07-system-prompt-leakage.md
LLM08 Vector and Embedding Weaknessesreferences/llm08-vector-embedding-weaknesses.md
LLM09 Misinformationreferences/llm09-misinformation.md
LLM10 Unbounded Consumptionreferences/llm10-unbounded-consumption.md

Quick Patterns

  • Treat all user and external input as untrusted; validate and sanitize LLM outputs before use (XSS, SSRF, RCE). Limit agency and tool use; protect system prompts and RAG data. Apply rate limits and cost controls.

Quick Reference / Examples

TaskApproach
Prevent prompt injectionUse delimiters, validate input, separate system/user context. See LLM01.
Protect sensitive dataFilter PII from training/prompts, apply output guards. See LLM02.
Validate LLM outputSanitize before rendering (XSS) or executing (RCE). See LLM05.
Limit agencyRequire human approval for destructive actions; scope tool permissions. See LLM06.
Control costsApply token limits, rate limiting, and budget caps. See LLM10.

Safe - delimiter and input validation:

python
system_prompt = """You are a helpful assistant.
<user_input>
{sanitized_user_input}
</user_input>
Answer based only on the user input above."""

Unsafe - direct concatenation (injection risk):

python
prompt = f"Answer this question: {user_input}"  # User can inject instructions

Output sanitization before rendering:

python
import html
safe_output = html.escape(llm_response)  # Prevent XSS if rendering in browser

Workflow

Load the reference for the risk you are addressing. See OWASP Top 10 for LLM Applications and genai.owasp.org for the official list.