pentest-ai-llm-security
Installation
SKILL.md
Pentest AI/LLM Security
Purpose
AI-integrated applications introduce entirely new attack surfaces. Prompt injection is the "SQLi of AI." Neither Shannon nor any existing skill addresses this domain. OWASP LLM Top 10 (2025) defines the methodology.
Prerequisites
Authorization Requirements
- Written authorization with AI/LLM testing scope explicitly included
- Model access details — API endpoints, model versions, tool/function access
- Data sensitivity classification — what data the LLM can access
- Rate limit awareness — LLM API costs can escalate quickly
Environment Setup
- Garak for automated LLM vulnerability scanning
- Burp Suite for API interception of LLM requests/responses
- Python scripts for custom prompt injection payloads
- Local proxy to capture full request/response chains