CtrlK
BlogDocsLog inGet started
Tessl Logo

common-llm-security

OWASP LLM Top 10 (2025) audit checklist for AI applications, agent tools, RAG pipelines, and prompt construction. Use when performing any security review touching LLM client code, prompt templates, agent tools, or vector stores.

78

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

100%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A tight, well-structured audit checklist that is token-efficient, gives concrete detection signals and fixes, sequences the review with a marking/validation scheme, and offloads detail to a single one-level-deep reference. No significant weaknesses.

DimensionReasoningScore

Conciseness

Lean body with no padding — it assumes Claude knows what LLMs/RAG are and devotes every line to detection signals, anti-patterns, or audit instructions; every token earns its place.

3 / 3

Actionability

Gives concrete, copy-applicable detection signals per risk (e.g., 'User input string-concatenated into prompt', 'No max_tokens on LLM call') and concrete fixes ('Pass user input as separate user turn'); as an instruction-only audit skill the absence of code is not penalized because guidance is actionable.

3 / 3

Workflow Clarity

Sequences the audit explicitly ('Check LLM01 first', 'Check LLM06 next', 'Mark each item') with a verification scheme (✅⚠️🔴) and an explicit checkpoint rule ('P0 finding caps Security score at 40/100 — not skip any item').

3 / 3

Progressive Disclosure

SKILL.md is a concise overview that points one level deep to references/owasp-llm.md for full detection signals, signaled clearly twice; the referenced bundle file exists.

3 / 3

Total

12

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, third-person description that concisely states a concrete capability and an explicit Use-when trigger with natural keyword coverage. It is specific, complete, and distinctive with no notable gaps.

DimensionReasoningScore

Specificity

Names a concrete action ('audit checklist') applied to specific targets — 'AI applications, agent tools, RAG pipelines, and prompt construction' — listing multiple concrete audit surfaces rather than vague language.

3 / 3

Completeness

Explicitly answers both what ('OWASP LLM Top 10 (2025) audit checklist for...') and when ('Use when performing any security review touching...') with an explicit Use-when clause.

3 / 3

Trigger Term Quality

Includes natural terms a reviewer would say — 'security review', 'LLM client code', 'prompt templates', 'agent tools', 'vector stores' — with broad coverage of common variations (prompt injection, RAG, langchain, openai/anthropic).

3 / 3

Distinctiveness Conflict Risk

Occupies a clear niche (OWASP LLM Top 10 security audit) with distinct, specific triggers unlikely to fire for unrelated skills.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_version

'metadata.version' is missing

Warning

metadata_field

'metadata' should map string keys to string values

Warning

Total

14

/

16

Passed

Repository
HoangNguyen0403/agent-skills-standard
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.