name: owasp-llm description: OWASP Top 10 for LLM Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in large language model systems - Brought to you by microsoft/hve-core. license: CC-BY-SA-4.0 user-invocable: false metadata: authors: "OWASP LLM Applications Security Initiative" spec_version: "1.0" framework_revision: "1.0.0" last_updated: "2026-02-13" skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard" content_based_on: "https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/"

OWASP® LLM Top 10 — Skill Entry

This SKILL.md is the entrypoint for the OWASP LLM Top 10 skill.

The skill encodes the OWASP Top 10 for LLM Applications (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate security risks in large language model systems.

Normative references (LLM Top 10)

1. 00 Vulnerability Index
2. 01 Prompt Injection
3. 02 Sensitive Information Disclosure
4. 03 Supply Chain
5. 04 Data and Model Poisoning
6. 05 Improper Output Handling
7. 06 Excessive Agency
8. 07 System Prompt Leakage
9. 08 Vector and Embedding Weaknesses
10. 09 Misinformation
11. 10 Unbounded Consumption

Skill layout

• SKILL.md — this file (skill entrypoint).
• references/ — the LLM Top 10 normative documents.
  • 00-vulnerability-index.md — index of all vulnerability identifiers, categories, and cross-references.
  • 01 through 10 — one document per vulnerability aligned with OWASP LLM Applications numbering.

Third-Party Attribution

Copyright © OWASP Foundation. OWASP® Top 10 for LLM Applications (2025) content is derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0/). Source: https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ Modifications: Vulnerability descriptions restructured into agent-consumable reference documents with added detection and remediation guidance. OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.

🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.