jd-opensource/pentest-ai-llm-security
skills/pentest-ai-llm-security/SKILL.md
AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.
$ install --global
skillsauthnpx skillsauth add jd-opensource/joysafeter pentest-ai-llm-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:18 AM4.2s3 files scanned
SKILL.md
- name:
- pentest-ai-llm-security
- description:
- AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.
Pentest AI/LLM Security
Purpose
AI-integrated applications introduce entirely new attack surfaces. Prompt injection is the "SQLi of AI." Neither Shannon nor any existing skill addresses this domain. OWASP LLM Top 10 (2025) defines the methodology.
Prerequisites
Authorization Requirements
- Written authorization with AI/LLM testing scope explicitly included
- Model access details — API endpoints, model versions, tool/function access
- Data sensitivity classification — what data the LLM can access
- Rate limit awareness — LLM API costs can escalate quickly
Environment Setup
- Garak for automated LLM vulnerability scanning
- Burp Suite for API interception of LLM requests/responses
- Python scripts for custom prompt injection payloads
- Local proxy to capture full request/response chains
Core Workflow
- Integration Point Discovery: Identify all LLM integration points — chat interfaces, content generation, RAG pipelines, AI search, code completion, summarization.
- Direct Prompt Injection: Override system prompts, extract system prompt content, inject instructions that change model behavior.
- Indirect Prompt Injection: Embed malicious instructions in documents/emails/web pages the LLM processes, poisoned RAG context.
- Data Exfiltration: Extract training data, PII from context windows, other users' conversation history, system config details.
- Insecure Output Handling: LLM output rendered as HTML (XSS via LLM), used in SQL queries (SQLi via LLM), used in system commands.
- Excessive Agency: LLM with tool access performing unauthorized actions, privilege escalation through tool chains, resource abuse.
- Classification: Document findings with OWASP LLM Top 10 (2025) classification and remediation guidance.
OWASP LLM Top 10 (2025) Coverage
| Category | Test Focus | Status | |----------|-----------|--------| | LLM01 Prompt Injection | Direct and indirect injection | ✅ | | LLM02 Sensitive Information Disclosure | Data exfiltration, PII leakage | ✅ | | LLM03 Supply Chain | Model provenance, plugin trust | ✅ | | LLM04 Data and Model Poisoning | Training data integrity | ✅ | | LLM05 Improper Output Handling | XSS/SQLi via LLM output | ✅ | | LLM06 Excessive Agency | Unauthorized tool use | ✅ | | LLM07 System Prompt Leakage | System prompt extraction | ✅ | | LLM08 Vector and Embedding Weaknesses | RAG poisoning | ✅ | | LLM09 Misinformation | Hallucination exploitation | ✅ | | LLM10 Unbounded Consumption | Resource exhaustion | ✅ |
Tool Categories
| Category | Tools | Purpose | |----------|-------|---------| | LLM Scanning | Garak, rebuff | Automated prompt injection testing | | API Interception | Burp Suite, mitmproxy | LLM API request/response capture | | Prompt Fuzzing | Custom Python scripts | Payload generation and testing | | Output Analysis | Browser DevTools, Burp | Insecure output rendering detection |
References
references/tools.md- Tool function signatures and parametersreferences/workflows.md- Attack pattern definitions and test vectors
Related Skills
jd-opensource/xlsx
development
VerifiedTrustedCommunity
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/writing-plans
development
VerifiedTrustedCommunity
Use when you have a spec or requirements for a multi-step task, before touching code
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/skill-security-auditor
testing
VerifiedTrustedCommunity
OpenClaw Skills 全方位安全审计工具,检测供应链投毒、Prompt注入、恶意代码模式、权限越权和依赖风险
238SKILL.mdUpdated Apr 6, 2026
jd-opensource/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends an agent's capabilities with specialized knowledge, workflows, or tool integrations.
238SKILL.mdUpdated Apr 6, 2026