common-llm-security

$ npx mdskill add HoangNguyen0403/agent-skills-standard/common-llm-security

SKILL.md (.github/skills/common-llm-security)
---
name: common-llm-security
description: OWASP LLM Top 10 (2025) audit checklist for AI applications, agent tools, RAG pipelines, and prompt construction. Use when performing any security review touching LLM client code, prompt templates, agent tools, or vector stores.
metadata:
  triggers:
    keywords:
      - LLM security
      - prompt injection
      - agent security
      - RAG security
      - AI security
      - openai
      - anthropic
      - langchain
      - LLM review
---
# OWASP LLM Top 10 Security Checklist (2025)
## **Priority: P0 (CRITICAL)**
## Implementation Guidelines
- **Check LLM01 first**: Prompt injection is the #1 LLM finding: any user input concatenated directly into a prompt string is an immediate P0.
- **Check LLM06 next**: Agent tools with write/delete/execute capabilities and no confirmation step are P0.
- **Mark each item**: ✅ not affected | ⚠️ needs review | 🔴 confirmed finding.
- **P0 finding caps Security score at 40/100**: do not skip any item.
- See [references/owasp-llm.md](references/owasp-llm.md) for full detection signals.
## OWASP LLM Top 10 (2025)
| ID | Risk | Key Detection Signal |
| ----- | ---- | -------------------- |
| LLM01 | Prompt Injection | User input string-concatenated into prompt. Retrieved docs inserted into system turn. |
| LLM02 | Sensitive Information Disclosure | PII or credentials passed into prompt context. LLM response logged without redaction. |
| LLM03 | Supply Chain | Unverified model weights or plugins. Third-party agent added without trust review. |
| LLM04 | Data & Model Poisoning | User-controlled data written to training sets or embedding stores without validation. |
| LLM05 | Improper Output Handling | LLM output used directly in DOM sink, SQL query, shell command, or redirect URL. |
| LLM06 | Excessive Agency | Agent tool with write/delete/network access and no human-in-the-loop confirmation. |
| LLM07 | System Prompt Leakage | System prompt content returned via tool output, error message, or API response. |
| LLM08 | Vector & Embedding Weaknesses | User text injected into vector store without sanitization. No tenant namespace isolation. |
| LLM09 | Misinformation | LLM output used for critical decisions (medical, financial, legal) without verification. |
| LLM10 | Unbounded Consumption | No `max_tokens` on LLM call. No rate limit on invocations. Agent loop without depth cap. |
## Anti-Patterns
- **No prompt concat**: Pass user input as separate `user` turn, never interpolated into system prompts.
- **No raw LLM output in sinks**: Sanitize LLM responses before writing to DOM, queries, or shell.
- **No uncapped agent loops**: Every agentic recursion must enforce max iteration/depth limit.
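An added example, not part of this skill or the HoangNguyen0403 repository, showing the three anti-patterns' mitigations in one place: user input and retrieved docs kept out of the system turn (LLM01), a write tool gated by a human `confirm` callback (LLM06), LLM output escaped before an HTML sink (LLM05), and an agent loop with a step cap and `max_tokens` on every call (LLM10). The model is a constructed stub callable; the tool names, message shapes and `confirm` signature are assumptions.

```python
from typing import Callable
import html

SYSTEM_PROMPT = "You are a support assistant. Answer only from the provided context."

# Constructed tool registry: write-capable tools require human confirmation (LLM06).
TOOLS = {
    "search_docs": {"write": False, "fn": lambda q: f"results for {q!r}"},
    "delete_ticket": {"write": True, "fn": lambda tid: f"deleted {tid}"},
}


def build_messages(user_input: str, context_docs: list[str]) -> list[dict]:
    """LLM01: user text and retrieved docs go in the user turn, never the system turn."""
    context = "\n".join(f"<doc>{d}</doc>" for d in context_docs)
    return [
        {"role": "system", "content": SYSTEM_PROMPT},
        {"role": "user", "content": f"Context:\n{context}\n\nQuestion: {user_input}"},
    ]


def run_agent(call_model: Callable, messages: list[dict], confirm: Callable[[str], bool],
              max_steps: int = 5, max_tokens: int = 512) -> str:
    """LLM10: bounded loop, max_tokens on every call. LLM06: gated write tools.
    LLM05: the final answer is HTML-escaped before it can reach a DOM sink."""
    for _ in range(max_steps):
        reply = call_model(messages, max_tokens=max_tokens)  # stub returns a dict
        if "final" in reply:
            return html.escape(reply["final"])
        tool = TOOLS.get(reply["tool"])
        if tool is None:
            raise ValueError(f"unknown tool {reply['tool']!r}")
        if tool["write"] and not confirm(reply["tool"]):
            result = "denied: write tool requires human confirmation"
        else:
            result = tool["fn"](reply["args"])
        messages.append({"role": "tool", "content": result})
    raise RuntimeError(f"agent exceeded max_steps={max_steps}")


def fake_model(messages: list[dict], max_tokens: int) -> dict:
    """Constructed stand-in for an LLM: requests a delete first, then answers."""
    if messages[-1]["role"] != "tool":
        return {"tool": "delete_ticket", "args": "T-1"}
    return {"final": "<b>Done</b>: " + messages[-1]["content"]}
```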
## References
- [OWASP LLM — Full Detection Signals](references/owasp-llm.md): load when auditing any LLM client code.