
Owasp Llm
Look up OWASP Top 10 for LLM Applications (2025) IDs, titles, and categories when designing or reviewing agent features.
Install
npx skills add https://github.com/microsoft/hve-core --skill owasp-llm
What is this skill?
- Catalogs all 10 OWASP LLM 2025 entries from LLM01 Prompt Injection through LLM10 Unbounded Consumption
- Maps each ID to a primary category (Input Integrity, Data Protection, Supply Chain, and six others)
- Documents a consistent per-vulnerability structure: Description plus Risk sections in linked docs
- Includes a cross-reference matrix for navigating the full OWASP LLM Top 10 set
Adoption & trust: 34 installs on skills.sh; 1.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
Common Questions / FAQ
Is Owasp Llm safe to install?
skills.sh reports 3 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Owasp Llm
# 00 Vulnerability Index

This document provides the index for the OWASP Top 10 for LLM Applications (2025) vulnerabilities. Each entry includes its identifier, title, and primary category.

## Vulnerability catalog

| ID | Title | Category |
|------------|----------------------------------|------------------------|
| LLM01:2025 | Prompt Injection | Input Integrity |
| LLM02:2025 | Sensitive Information Disclosure | Data Protection |
| LLM03:2025 | Supply Chain | Supply Chain |
| LLM04:2025 | Data and Model Poisoning | Data Integrity |
| LLM05:2025 | Improper Output Handling | Output Safety |
| LLM06:2025 | Excessive Agency | Access Control |
| LLM07:2025 | System Prompt Leakage | Configuration Security |
| LLM08:2025 | Vector and Embedding Weaknesses | Data Integrity |
| LLM09:2025 | Misinformation | Output Reliability |
| LLM10:2025 | Unbounded Consumption | Resource Management |

## Cross-reference matrix

Each vulnerability document follows a consistent structure:

1. Description — what the vulnerability is and how it manifests in LLM systems.
2. Risk — concrete consequences of exploitation and business impact.
3. Vulnerability checklist — indicators that the system is exposed.
4. Prevention controls — defensive measures and rectification steps.
5. Example attack scenarios — realistic exploitation narratives.
6. Detection guidance — signals and methods to identify exposure.
7. Remediation — immediate and long-term actions to contain and resolve.
## Category groupings

### Input Integrity

* LLM01:2025 Prompt Injection

### Data Protection

* LLM02:2025 Sensitive Information Disclosure

### Supply Chain

* LLM03:2025 Supply Chain

### Data Integrity

* LLM04:2025 Data and Model Poisoning
* LLM08:2025 Vector and Embedding Weaknesses

### Output Safety

* LLM05:2025 Improper Output Handling

### Access Control

* LLM06:2025 Excessive Agency

### Configuration Security

* LLM07:2025 System Prompt Leakage

### Output Reliability

* LLM09:2025 Misinformation

### Resource Management

* LLM10:2025 Unbounded Consumption

## Related OWASP projects

* OWASP Top 10 for Agentic Applications (2026) — agentic risks that build upon LLM vulnerabilities.
* OWASP Machine Learning Security Top 10 — ML-specific security risks.
* OWASP Application Security Verification Standard (ASVS) — general application security controls.

---

Content derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (<https://creativecommons.org/licenses/by-sa/4.0/>). Modifications: Restructured into agent-consumable reference format with added detection and remediation guidance.

*🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.*

---
title: 'LLM01: Prompt Injection'
description: OWASP LLM Top 10 reference for prompt injection vulnerabilities including direct and indirect injection attack patterns and mitigations
---

# 01 Prompt Injection

Identifier: LLM01:2025

Category: Input Integrity

## Description

A prompt injection vulnerability occurs when user prompts alter the LLM's behavior or output in unintended ways. These inputs can affect the model even if they are imperceptible to humans, as long as the content is parsed by the LLM.
Prompt injection vulnerabilities exist in how models process prompts, and how input may force the model to incorrectly pass prompt data to other parts of the model, potentially causing them to violate guidelines, generate harmful content, enable unauthorized access, or influence critical decisions. Techniques like Retrieval Augmented