owasp-llm-top-10
OWASP Top 10 for LLM Applications
This skill encodes the OWASP Top 10 for Large Language Model Applications for secure LLM/GenAI design and review. References are loaded per risk. Based on OWASP Top 10 for LLM Applications 2025.
When to Read Which Reference
| Risk | Read |
|---|---|
| LLM01 Prompt Injection | references/llm01-prompt-injection.md |
| LLM02 Sensitive Information Disclosure | references/llm02-sensitive-information-disclosure.md |
| LLM03 Training Data & Supply Chain | references/llm03-training-data-supply-chain.md |
| LLM04 Data and Model Poisoning | references/llm04-data-model-poisoning.md |
| LLM05 Improper Output Handling | references/llm05-improper-output-handling.md |
| LLM06 Excessive Agency | references/llm06-excessive-agency.md |
| LLM07 System Prompt Leakage | references/llm07-system-prompt-leakage.md |
| LLM08 Vector and Embedding Weaknesses | references/llm08-vector-embedding-weaknesses.md |
| LLM09 Misinformation | references/llm09-misinformation.md |
| LLM10 Unbounded Consumption | references/llm10-unbounded-consumption.md |
More from yariv1025/skills

- owasp-mobile-top-10: OWASP Mobile Top 10 - prevention, detection, and remediation for iOS/Android app security. Use when building or reviewing mobile apps - credentials, supply chain, auth, input/output validation, communication, privacy, binary protection, config, data storage, cryptography.
- owasp-api-security-top-10: OWASP API Security Top 10 - prevention, detection, and remediation for REST/GraphQL/API security. Use when designing or reviewing APIs - object- and function-level authorization, authentication, rate limiting and resource consumption, sensitive business flows, SSRF, API inventory and versioning, or consumption of third-party APIs.
- agent-dev-guardrails: Enforce disciplined agent development workflows with plan-first development, small-slice execution, specialized self-review roles, quality gates, and project setup. Use when starting a new project, setting up development conventions, wanting structured planning, or needing the agent to follow best practices for code quality, review, and validation.
- owasp-iot-top-10: OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy.
- owasp-serverless-top-10: OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10.
- owasp-privacy-top-10: OWASP Top 10 Privacy Risks - prevention, detection, and remediation for privacy in web applications. Use when addressing app vulnerabilities, data leakage, breach response, consent, transparency, data deletion, data quality, session expiration, user access rights, excessive data collection.