OWASP LLM Top 10 (2025) audit checklist for AI applications, agent tools, RAG pipelines, and prompt construction. Use when performing any security review touching LLM client code, prompt templates, agent tools, or vector stores.
Score: 64
Does it follow best practices? 77%
Impact: not scored (no eval scenarios have been run)
Status: Passed (no known issues)
Quality
Discovery (89%)
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid description with excellent completeness and distinctiveness, clearly specifying both when to use the skill and its security-focused LLM domain. The main weakness is that the 'what' portion describes the skill as a 'checklist' without enumerating the concrete actions it performs (e.g., identifying prompt injection risks, checking for data poisoning, reviewing output handling). The trigger terms are well-chosen and cover natural user language.
Suggestions
Add 2-3 specific concrete actions the checklist performs, e.g., 'Identifies prompt injection risks, checks for sensitive data exposure, validates tool call authorization, and reviews retrieval pipeline security.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (OWASP LLM Top 10 security audit) and mentions specific areas like AI applications, agent tools, RAG pipelines, and prompt construction, but doesn't list concrete actions beyond 'audit checklist' — it doesn't specify what the skill actually does (e.g., 'checks for prompt injection vulnerabilities, validates input sanitization, reviews retrieval pipelines for data leakage'). | 2 / 3 |
| Completeness | Clearly answers both 'what' (OWASP LLM Top 10 audit checklist for AI applications, agent tools, RAG pipelines, prompt construction) and 'when' (explicit 'Use when performing any security review touching LLM client code, prompt templates, agent tools, or vector stores'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural trigger terms that users would actually say: 'security review', 'LLM', 'prompt templates', 'agent tools', 'vector stores', 'RAG pipelines', 'OWASP'. These cover a good range of terms a user performing security work on LLM applications would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive — the combination of OWASP LLM Top 10, security audit, and specific LLM-related components (RAG pipelines, vector stores, prompt templates, agent tools) creates a clear niche that is unlikely to conflict with general security or general LLM skills. | 3 / 3 |
| Total | | 11 / 12 Passed |
Implementation (64%)
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise security checklist that efficiently covers the OWASP LLM Top 10 with clear detection signals and prioritization. Its main weaknesses are the lack of concrete code examples showing vulnerable vs. safe patterns (reducing actionability) and the absence of an explicit step-by-step audit workflow with validation checkpoints. The referenced bundle file doesn't exist, weakening the progressive disclosure strategy.
Suggestions
Add concrete before/after code examples for at least the P0 items (LLM01 prompt injection and LLM06 excessive agency) showing vulnerable code and the corresponding safe pattern.
Add an explicit numbered audit workflow section (e.g., 1. Inventory LLM call sites → 2. Check each against table → 3. Mark findings → 4. Verify P0s with second pass → 5. Generate report) with validation checkpoints.
Provide the referenced `references/owasp-llm.md` bundle file or remove the reference if it doesn't exist, to avoid broken navigation.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Every token earns its place. The table format is efficient, anti-patterns are terse, and there's no explanation of what OWASP is or how LLMs work. Assumes Claude's competence throughout. | 3 / 3 |
| Actionability | The checklist provides concrete detection signals and a clear marking system (✅/⚠️/🔴), but lacks executable examples — no code snippets showing what a vulnerable prompt concatenation looks like vs. a safe pattern, no example audit output, and anti-patterns are stated as rules without concrete before/after code. | 2 / 3 |
| Workflow Clarity | There's a clear priority order (LLM01 first, LLM06 next) and a marking system, but no explicit step-by-step audit workflow with validation checkpoints. For a security audit involving potentially destructive findings, there's no feedback loop (e.g., verify finding → confirm severity → document → re-check). | 2 / 3 |
| Progressive Disclosure | References a detailed file (references/owasp-llm.md) for full detection signals, which is good one-level-deep disclosure. However, the bundle has no files, so the reference is unverifiable, and the skill could better signal what's in the reference file vs. what's inline. | 2 / 3 |
| Total | | 9 / 12 Passed |
Validation (81%)
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| metadata_version | 'metadata.version' is missing | Warning |
| metadata_field | 'metadata' should map string keys to string values | Warning |
| Total | | 9 / 11 Passed |