owasp-mcp
OWASP MCP Top 10 — Skill Entry
This SKILL.md is the entrypoint for the MCP Vulnerabilities skill.
The skill encodes the OWASP MCP Top 10 (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate MCP security risks.
Normative references (MCP Top 10)
- 00 Vulnerability Index
- 01 Token Mismanagement and Secret Exposure
- 02 Privilege Escalation via Scope Creep
- 03 Tool Poisoning
- 04 Software Supply Chain Attacks and Dependency Tampering
- 05 Command Injection and Execution
- 06 Prompt Injection via Contextual Payloads
- 07 Insufficient Authentication and Authorization
- 08 Lack of Audit and Telemetry
- 09 Shadow MCP Servers
More from microsoft/hve-core
powerpoint
PowerPoint slide deck generation and management using python-pptx with YAML-driven content and styling - Brought to you by microsoft/hve-core
113hve-core-installer
Decision-driven installer for HVE-Core with 6 clone-based installation methods, extension quick-install, environment detection, and agent customization workflows - Brought to you by microsoft/hve-core
21owasp-top-10
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
20video-to-gif
Video-to-GIF conversion skill with FFmpeg two-pass optimization - Brought to you by microsoft/hve-core
16gitlab
Manage GitLab merge requests and pipelines with a Python CLI - Brought to you by microsoft/hve-core
15owasp-agentic
OWASP Agentic Security Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in AI agent systems - Brought to you by microsoft/hve-core.
15