microsoft/owasp-top-10
.github/skills/security/owasp-top-10/SKILL.md
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
$ install --global
skillsauthnpx skillsauth add microsoft/hve-core owasp-top-10Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:12 AM263.0s12 files scanned
SKILL.md
- name:
- owasp-top-10
- description:
- OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
- license:
- CC-BY-SA-4.0
- user-invocable:
- false
- authors:
- OWASP Web Application Security Project
- spec_version:
- 1.0
- framework_revision:
- 1.0.0
- last_updated:
- 2026-02-13
- skill_based_on:
- https://github.com/chris-buckley/agnostic-prompt-standard
- content_based_on:
- https://owasp.org/Top10/2025/
OWASP® Top 10 — Skill Entry
This SKILL.md is the entrypoint for the OWASP Top 10 skill.
The skill encodes the OWASP Top 10 for Web Applications (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate web application security risks.
Normative references (Web Top 10)
- 00 Vulnerability Index
- 01 Broken Access Control
- 02 Security Misconfiguration
- 03 Software Supply Chain Failures
- 04 Cryptographic Failures
- 05 Injection
- 06 Insecure Design
- 07 Authentication Failures
- 08 Software or Data Integrity Failures
- 09 Security Logging and Alerting Failures
- 10 Mishandling of Exceptional Conditions
Skill layout
SKILL.md— this file (skill entrypoint).references/— the Web Top 10 normative documents.00-vulnerability-index.md— index of all vulnerability identifiers, categories, and cross-references.01through10— one document per vulnerability aligned with OWASP Web Application Security numbering.
Third-Party Attribution
Copyright © OWASP Foundation. OWASP® Top 10 (2025) content is derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0/). Source: https://owasp.org/Top10/2025/ Modifications: Vulnerability descriptions restructured into agent-consumable reference documents with added detection and remediation guidance. OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
Related Skills
microsoft/pr-reference
tools
VerifiedTrustedCommunity
Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. - Brought to you by microsoft/hve-core
909SKILL.mdUpdated Apr 9, 2026
microsoft/security-reviewer-formats
development
VerifiedTrustedCommunity
Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/secure-by-design
development
VerifiedTrustedCommunity
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-mcp
tools
VerifiedTrustedCommunity
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026