
Owasp Agentic
Look up OWASP Top 10 for Agentic Applications (2026) IDs, categories, and cross-references while designing or reviewing agents.
Install
npx skills add https://github.com/microsoft/hve-core --skill owasp-agentic
What is this skill?
- Full catalog of 10 OWASP agentic vulnerabilities ASI01:2026 through ASI10:2026
- Categories: Goal Integrity, Tool Security, Access Control, Supply Chain, Execution Safety, Data Integrity, Communication
- Cross-reference matrix aligning each ID with consistent document structure (description, manifestations, etc.)
- Index skill for Microsoft HVE OWASP agentic guidance—not a penetration test runner
- 2026 edition identifiers for agent goal hijack, tool misuse, rogue agents, and related classes
Adoption & trust: 35 installs on skills.sh; 1.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
Journey fit
Agentic threat modeling is cataloged under Ship security as its canonical shelf, but the index is referenced whenever you design, launch, or operate autonomous systems. The Security subphase holds the compliance-oriented references; this skill is the vocabulary layer for ASI01–ASI10 during reviews and architecture discussions.
Common Questions / FAQ
Is Owasp Agentic safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
# 00 Vulnerability Index

This document provides the index for the OWASP Top 10 for Agentic Applications (2026) vulnerabilities. Each entry includes its identifier, title, and primary category.

## Vulnerability catalog

| ID | Title | Category |
|------------|--------------------------------------|------------------------|
| ASI01:2026 | Agent Goal Hijack | Goal Integrity |
| ASI02:2026 | Tool Misuse and Exploitation | Tool Security |
| ASI03:2026 | Identity and Privilege Abuse | Access Control |
| ASI04:2026 | Agentic Supply Chain Vulnerabilities | Supply Chain |
| ASI05:2026 | Unexpected Code Execution | Execution Safety |
| ASI06:2026 | Memory and Context Poisoning | Data Integrity |
| ASI07:2026 | Insecure Inter-Agent Communication | Communication Security |
| ASI08:2026 | Cascading Failures | Resilience |
| ASI09:2026 | Human-Agent Trust Exploitation | Human Factors |
| ASI10:2026 | Rogue Agents | Behavioral Integrity |

## Cross-reference matrix

Each vulnerability document follows a consistent structure:

1. Description — what the vulnerability is and how it manifests in agentic systems.
2. Risk — potential impacts and consequences of the vulnerability.
3. Vulnerability checklist — conditions and patterns that indicate the vulnerability is present.
4. Prevention controls — proactive measures to prevent the vulnerability.
5. Example attack scenarios — realistic exploitation narratives.
6. Detection guidance — how to detect if the vulnerability exists or is being exploited.
7. Remediation — concrete actions to fix identified instances.
## Category groupings

### Goal Integrity

* ASI01:2026 Agent Goal Hijack

### Tool Security

* ASI02:2026 Tool Misuse and Exploitation

### Access Control

* ASI03:2026 Identity and Privilege Abuse

### Supply Chain

* ASI04:2026 Agentic Supply Chain Vulnerabilities

### Execution Safety

* ASI05:2026 Unexpected Code Execution

### Data Integrity

* ASI06:2026 Memory and Context Poisoning

### Communication Security

* ASI07:2026 Insecure Inter-Agent Communication

### Resilience

* ASI08:2026 Cascading Failures

### Human Factors

* ASI09:2026 Human-Agent Trust Exploitation

### Behavioral Integrity

* ASI10:2026 Rogue Agents

## Related OWASP projects

* OWASP Top 10 for LLM Applications (2025) — foundational LLM risks that agentic vulnerabilities build upon.
* OWASP Agentic AI Threats and Mitigations Guide — detailed threat modeling for agentic systems.
* OWASP AI Vulnerability Scoring System (AIVSS) — severity scoring framework for AI-specific risks.

---

Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (<https://creativecommons.org/licenses/by-sa/4.0/>). Modifications: Restructured into agent-consumable reference format with added detection and remediation guidance.

*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*

---
title: 'ASI01: Agent Goal Hijack'
description: OWASP Agentic Top 10 reference for agent goal hijack vulnerabilities where adversaries redirect autonomous agent objectives
---

# 01 Agent Goal Hijack

Identifier: ASI01:2026
Category: Goal Integrity

## Description

AI agents exhibit autonomous ability to execute a series of tasks to achieve a goal. Attackers can manipulate an agent's objectives, task selection, or decision pathways through prompt-based manipulation, deceptive tool outputs, malicious artefacts, forged agent-to-agent messages, or poisoned external data. Because agents rely on untyped natural-language inputs and loosely go