
Agent Owasp Compliance
Run an OWASP ASI Top 10 gap analysis on an autonomous agent codebase before production or audit.
Overview
Agent OWASP Compliance is an agent skill most often used in Ship (also Validate) that checks autonomous agent codebases against the OWASP ASI Top 10 and produces a scored compliance report.
Install
npx skills add https://github.com/github/awesome-copilot --skill agent-owasp-compliance
What is this skill?
- Scans implementations against all 10 OWASP Agentic Security Initiative (ASI) risks
- Covers prompt injection, tool governance, agency boundaries, escalation, and supply chain
- Maps existing controls to ASI categories and scores coverage (X/10)
- Generates a structured compliance report for security review or audit
- Supports framework comparison against ASI 2026 expectations
- 10 OWASP ASI risk categories (ASI-01 through ASI-10)
- Compliance report summarizes coverage as X/10 risks addressed
Adoption & trust: 878 installs on skills.sh; 34.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are about to ship an agent that uses tools and APIs, but you lack a structured view of agentic-specific risks versus OWASP ASI expectations.
Who is it for?
Indie builders with custom agent loops, tool routers, or MCP-style integrations who need a standard checklist before launch or investor diligence.
Skip if: you only run a chat UI with no tools, or your org has already completed a formal third-party pentest and only needs ticket triage. The skill is not a substitute for legal/compliance sign-off.
When should I use this skill?
Evaluating agent security before production, ASI 2026 compliance checks, mapping controls to agentic risks, or requests like "is my agent OWASP compliant?" or "agentic security audit".
What do I get? / Deliverables
You receive a mapped assessment across all ten ASI risks with coverage scoring and a report you can hand to security review or use to prioritize fixes before deploy.
- ASI Top 10 compliance report with per-risk findings
- Coverage score (X/10) and gap list for remediation
Journey fit
Spans multiple journey phases: the primary shelf is given first, with alternate fits below.
Canonical shelf is Ship because the skill targets pre-deployment security posture and compliance reports for release gates. Security subphase fits mapping controls to ASI-01 through ASI-10 and producing audit-ready compliance output.
Where it fits
- Compare agent framework security features against ASI before committing to a tool-calling architecture.
- Verify tool-use governance and logging controls while wiring MCP servers and action handlers.
- Run a full ASI mapping and X/10 report immediately before production deployment.
- Re-check behavioral monitoring and audit controls after adding new tools or data sources post-launch.
How it compares
Structured ASI Top 10 agent audit versus ad-hoc "read my repo for bugs" chat reviews.
Common Questions / FAQ
Who is agent-owasp-compliance for?
Solo and indie developers building tool-using AI agents in Claude Code, Cursor, or Codex who need OWASP ASI alignment before production or audit conversations.
When should I use agent-owasp-compliance?
During Validate when scoping agent permissions and integrations, during Build when adding tools and escalation paths, and during Ship before deployment, compliance checks, or when asked if your agent is OWASP ASI compliant.
Is agent-owasp-compliance safe to install?
Treat it like any skill that reads your repository: review the Security Audits panel on this Prism page and limit scope to code you are willing to expose to the agent during the scan.
SKILL.md - Agent Owasp Compliance
# Agent OWASP ASI Compliance Check

Evaluate AI agent systems against the OWASP Agentic Security Initiative (ASI) Top 10 — the industry standard for agent security posture.

## Overview

The OWASP ASI Top 10 defines the critical security risks specific to autonomous AI agents — not LLMs, not chatbots, but agents that call tools, access systems, and act on behalf of users. This skill checks whether your agent implementation addresses each risk.

```
Codebase
  → Scan for each ASI control:
       ASI-01: Prompt Injection Protection
       ASI-02: Tool Use Governance
       ASI-03: Agency Boundaries
       ASI-04: Escalation Controls
       ASI-05: Trust Boundary Enforcement
       ASI-06: Logging & Audit
       ASI-07: Identity Management
       ASI-08: Policy Integrity
       ASI-09: Supply Chain Verification
       ASI-10: Behavioral Monitoring
  → Generate Compliance Report (X/10 covered)
```

## The 10 Risks

| Risk | Name | What to Look For |
|------|------|------------------|
| ASI-01 | Prompt Injection | Input validation before tool calls, not just LLM output filtering |
| ASI-02 | Insecure Tool Use | Tool allowlists, argument validation, no raw shell execution |
| ASI-03 | Excessive Agency | Capability boundaries, scope limits, principle of least privilege |
| ASI-04 | Unauthorized Escalation | Privilege checks before sensitive operations, no self-promotion |
| ASI-05 | Trust Boundary Violation | Trust verification between agents, signed credentials, no blind trust |
| ASI-06 | Insufficient Logging | Structured audit trail for all tool calls, tamper-evident logs |
| ASI-07 | Insecure Identity | Cryptographic agent identity, not just string names |
| ASI-08 | Policy Bypass | Deterministic policy enforcement, no LLM-based permission checks |
| ASI-09 | Supply Chain Integrity | Signed plugins/tools, integrity verification, dependency auditing |
| ASI-10 | Behavioral Anomaly | Drift detection, circuit breakers, kill switch capability |

---

## Check ASI-01: Prompt Injection Protection

Look for input validation that runs **before** tool execution, not after LLM generation.

```python
import re
from pathlib import Path


def check_asi_01(project_path: str) -> dict:
    """ASI-01: Is user input validated before reaching tool execution?"""
    # Names that suggest an input-validation or policy control exists
    positive_patterns = [
        "input_validation",
        "validate_input",
        "sanitize",
        "classify_intent",
        "prompt_injection",
        "threat_detect",
        "PolicyEvaluator",
        "PolicyEngine",
        "check_content",
    ]
    # Execution sinks that untrusted input must never reach unvalidated
    negative_patterns = [
        r"eval\(",
        r"exec\(",
        r"subprocess\.run\(.*shell=True",
        r"os\.system\(",
    ]

    # Scan Python files for signals
    root = Path(project_path)
    positive_matches = []
    negative_matches = []

    for py_file in root.rglob("*.py"):
        content = py_file.read_text(errors="ignore")
        for pattern in positive_patterns:
            if pattern in content:
                positive_matches.append(f"{py_file.name}: {pattern}")
        for pattern in negative_patterns:
            if re.search(pattern, content):
                negative_matches.append(f"{py_file.name}: {pattern}")

    positive_found = len(positive_matches) > 0
    negative_found = len(negative_matches) > 0

    return {
        "risk": "ASI-01",
        "name": "Prompt Injection",
        "status": "pass" if positive_found and not negative_found else "fail",
        "controls_found": positive_matches,
        # The source SKILL.md is cut off here; the key below is a placeholder
        # standing in for the truncated original name.
        "vulnera_placeholder": negative_matches,
    }
```
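The per-risk scan in `check_asi_01` generalizes to the X/10 report the skill produces. As an added example (not the skill's own code), the following applies four of the ten risks as pattern checks over a constructed in-memory codebase and aggregates them into the coverage score and gap list; the pattern lists, file names and file contents are assumptions, and the denominator is the number of checks run (4 here rather than 10).

```python
import re
from dataclasses import dataclass


@dataclass
class AsiCheck:
    """One ASI risk expressed as scan signals (pattern names are assumptions)."""
    risk: str
    name: str
    positive: list  # substrings that suggest a control is present
    negative: list  # regexes that flag a pattern the control should forbid


# Four of the ten ASI risks; the other six follow the same shape.
CHECKS = [
    AsiCheck("ASI-01", "Prompt Injection", ["validate_input", "sanitize"], [r"\beval\(", r"\bexec\("]),
    AsiCheck("ASI-02", "Insecure Tool Use", ["TOOL_ALLOWLIST", "allowed_tools"], [r"shell\s*=\s*True", r"os\.system\("]),
    AsiCheck("ASI-06", "Insufficient Logging", ["audit_log"], []),
    AsiCheck("ASI-08", "Policy Bypass", ["PolicyEngine"], [r"(?:llm|model)\.(?:ask|approve)\("]),
]


def run_check(check: AsiCheck, files: dict) -> dict:
    """Scan an in-memory {filename: source} map for one risk's signals."""
    found, risky = [], []
    for fname, src in files.items():
        found += [f"{fname}: {p}" for p in check.positive if p in src]
        risky += [f"{fname}: {p}" for p in check.negative if re.search(p, src)]
    # A risk passes only when a control is present AND no forbidden pattern appears.
    status = "pass" if found and not risky else "fail"
    return {"risk": check.risk, "name": check.name, "status": status,
            "controls_found": found, "risky_patterns": risky}


def compliance_report(files: dict, checks=CHECKS) -> dict:
    """Aggregate per-risk results into the X/N coverage score and a gap list."""
    results = [run_check(c, files) for c in checks]
    covered = sum(r["status"] == "pass" for r in results)
    gaps = [f"{r['risk']} {r['name']}" for r in results if r["status"] == "fail"]
    return {"covered": covered, "total": len(checks),
            "score": f"{covered}/{len(checks)}", "results": results, "gaps": gaps}


# Constructed sample codebase: controls exist, but tools.py still shells out.
SAMPLE_CODEBASE = {
    "agent.py": "msg = validate_input(raw)\naudit_log('turn', msg)\nPolicyEngine().evaluate(msg)\n",
    "tools.py": "TOOL_ALLOWLIST = {'search', 'calc'}\nsubprocess.run(cmd, shell=True)\n",
}

if __name__ == "__main__":
    rep = compliance_report(SAMPLE_CODEBASE)
    print(f"ASI coverage: {rep['score']}")
    for gap in rep["gaps"]:
        print(f"  GAP {gap}")
```

On the sample codebase the report scores 3/4 and lists ASI-02 as the single gap, because the allowlist control is present but the `shell=True` sink still appears.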