owasp-llm-top-10
3
总安装量
3
周安装量
#55272
全站排名
安装命令
npx skills add https://github.com/yariv1025/skills --skill owasp-llm-top-10
Agent 安装分布
cursor
3
amp
2
gemini-cli
2
github-copilot
2
codex
2
kimi-cli
2
Skill 文档
OWASP Top 10 for LLM Applications
This skill encodes the OWASP Top 10 for Large Language Model Applications for secure LLM/GenAI design and review. References are loaded per risk. Based on OWASP Top 10 for LLM Applications 2025.
When to Read Which Reference
| Risk | Read |
|---|---|
| LLM01 Prompt Injection | references/llm01-prompt-injection.md |
| LLM02 Sensitive Information Disclosure | references/llm02-sensitive-information-disclosure.md |
| LLM03 Training Data & Supply Chain | references/llm03-training-data-supply-chain.md |
| LLM04 Data and Model Poisoning | references/llm04-data-model-poisoning.md |
| LLM05 Improper Output Handling | references/llm05-improper-output-handling.md |
| LLM06 Excessive Agency | references/llm06-excessive-agency.md |
| LLM07 System Prompt Leakage | references/llm07-system-prompt-leakage.md |
| LLM08 Vector and Embedding Weaknesses | references/llm08-vector-embedding-weaknesses.md |
| LLM09 Misinformation | references/llm09-misinformation.md |
| LLM10 Unbounded Consumption | references/llm10-unbounded-consumption.md |
Quick Patterns
- Treat all user and external input as untrusted; validate and sanitize LLM outputs before use (XSS, SSRF, RCE). Limit agency and tool use; protect system prompts and RAG data. Apply rate limits and cost controls.
Quick Reference / Examples
| Task | Approach |
|---|---|
| Prevent prompt injection | Use delimiters, validate input, separate system/user context. See LLM01. |
| Protect sensitive data | Filter PII from training/prompts, apply output guards. See LLM02. |
| Validate LLM output | Sanitize before rendering (XSS) or executing (RCE). See LLM05. |
| Limit agency | Require human approval for destructive actions; scope tool permissions. See LLM06. |
| Control costs | Apply token limits, rate limiting, and budget caps. See LLM10. |
Safe – delimiter and input validation:
system_prompt = """You are a helpful assistant.
<user_input>
{sanitized_user_input}
</user_input>
Answer based only on the user input above."""
Unsafe – direct concatenation (injection risk):
prompt = f"Answer this question: {user_input}" # User can inject instructions
Output sanitization before rendering:
import html
safe_output = html.escape(llm_response) # Prevent XSS if rendering in browser
Workflow
Load the reference for the risk you are addressing. See OWASP Top 10 for LLM Applications and genai.owasp.org for the official list.