The skill encodes the OWASP Top 10 for Web Applications (2025) as structured, machine-readable
references that an agent can query to identify, assess, and remediate web application security
risks.
This SKILL.md is the entry file for the OWASP Top 10 Skill.
Normative references (Web Top 10)
00 Vulnerability Index
01 Broken Access Control
02 Security Misconfiguration
03 Software Supply Chain Failures
04 Cryptographic Failures
05 Injection
06 Insecure Design
07 Authentication Failures
08 Software or Data Integrity Failures
09 Security Logging and Alerting Failures
10 Mishandling of Exceptional Conditions
Skill layout
SKILL.md — this file (skill entrypoint).
references/ — the Web Top 10 normative documents.
00-vulnerability-index.md — index of all vulnerability identifiers, categories, and cross-references.
01 through 10 — one document per vulnerability aligned with OWASP Web Application Security numbering.