llm-security

Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or…

INSTALLATION
npx skills add https://github.com/semgrep/skills --skill llm-security
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md


Priority Rules

Which rules to apply first, by application type:

  • Chatbot / conversational AI - Prompt Injection (LLM01), System Prompt Leakage (LLM07), Output Handling (LLM05), Unbounded Consumption (LLM10)
  • RAG system - Vector/Embedding Weaknesses (LLM08), Prompt Injection (LLM01), Sensitive Disclosure (LLM02), Misinformation (LLM09)
  • AI agent with tools - Excessive Agency (LLM06), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02)
  • Fine-tuning / training - Data Poisoning (LLM04), Supply Chain (LLM03), Sensitive Disclosure (LLM02)
  • LLM-powered API - Unbounded Consumption (LLM10), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02)
  • Content generation - Misinformation (LLM09), Output Handling (LLM05), Prompt Injection (LLM01)

Categories

Critical Impact

  • LLM01: Prompt Injection (rules/prompt-injection.md) - Prevent direct and indirect prompt manipulation
  • LLM02: Sensitive Information Disclosure (rules/sensitive-disclosure.md) - Protect PII, credentials, and proprietary data
  • LLM03: Supply Chain (rules/supply-chain.md) - Secure model sources, training data, and dependencies
  • LLM04: Data and Model Poisoning (rules/data-poisoning.md) - Prevent training data manipulation and backdoors
  • LLM05: Improper Output Handling (rules/output-handling.md) - Sanitize LLM outputs before downstream use

High Impact

  • LLM06: Excessive Agency (rules/excessive-agency.md) - Limit LLM permissions, functionality, and autonomy
  • LLM07: System Prompt Leakage (rules/system-prompt-leakage.md) - Protect system prompts from disclosure
  • LLM08: Vector and Embedding Weaknesses (rules/vector-embedding.md) - Secure RAG systems and embeddings
  • LLM09: Misinformation (rules/misinformation.md) - Mitigate hallucinations and false outputs
  • LLM10: Unbounded Consumption (rules/unbounded-consumption.md) - Prevent DoS, cost attacks, and model theft

See rules/_sections.md for the full index with OWASP/MITRE references.

Quick Reference

Vulnerability - Key Prevention

  • Prompt Injection - Input validation, output filtering, privilege separation
  • Sensitive Disclosure - Data sanitization, access controls, encryption
  • Supply Chain - Verify models, SBOM, trusted sources only
  • Data Poisoning - Data validation, anomaly detection, sandboxing
  • Output Handling - Treat LLM as untrusted, encode outputs, parameterize queries
  • Excessive Agency - Least privilege, human-in-the-loop, minimize extensions
  • System Prompt Leakage - No secrets in prompts, external guardrails
  • Vector/Embedding - Access controls, data validation, monitoring
  • Misinformation - RAG, fine-tuning, human oversight, cross-verification
  • Unbounded Consumption - Rate limiting, input validation, resource monitoring

Key Principles

  • Never trust LLM output - Validate and sanitize all outputs before use
  • Least privilege - Grant minimum necessary permissions to LLM systems
  • Defense in depth - Layer multiple security controls
  • Human oversight - Require approval for high-impact actions
  • Monitor and log - Track all LLM interactions for anomaly detection
