From llm-security
Assess an LLM-backed application against the OWASP Top 10 for LLM Applications, producing a per-category finding set with severity and mitigations. Use when reviewing a chatbot, copilot, RAG app, or any feature built on an LLM.
How this skill is triggered — by the user, by Claude, or both
Slash command
/llm-security:owasp-llm-top10
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
A structured assessment across all ten OWASP LLM risk categories, with concrete findings (or "not applicable / mitigated") and prioritized mitigations.
An ai-threat-model pass helps here.

Cover all ten categories (see reference.md for the full LLM Top 10 with checks and mitigations): prompt injection, sensitive information disclosure, supply chain, data/model poisoning, improper output handling, excessive agency, system-prompt leakage, vector/embedding weaknesses, misinformation, and unbounded consumption. Use prompt-injection-test to substantiate injection findings rather than asserting them. Rank findings (via threat-modeling:risk-rank) and summarize the top risks.

The output is a per-category table (category · applicable? · finding · severity · mitigation) plus a ranked top-risks list. Route findings through security-reporting:finding for formal writeups.
Read reference.md for the authoritative category list, signs to look for, and
mitigations. Keep testing authorized and within the app's intended scope. Excessive
agency and improper output handling are the categories most often missed — give
them explicit attention.
Install
npx claudepluginhub jassics/awesome-claude-security --plugin llm-security