llm-security

Original：🇺🇸 English

Translated

Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or asking about LLM vulnerabilities like "prompt injection" or "check LLM security".

2installs

Sourcesemgrep/skills

Added on2026-02-04

NPX Install

npx skill4agent add semgrep/skills llm-security

SKILL.md Content

View Translation Comparison →

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

Comprehensive security rules for building secure LLM applications. Based on the OWASP Top 10 for Large Language Model Applications 2025 - the authoritative guide to LLM security risks.

How It Works

When building or reviewing LLM applications, reference these security guidelines
Each rule includes vulnerable patterns and secure implementations
Rules cover the complete LLM application lifecycle: training, deployment, and inference

Usage

Reference the rules in

rules/

directory for detailed examples:

```
rules/prompt-injection.md
```
- Prompt injection prevention (LLM01)
```
rules/sensitive-disclosure.md
```
- Sensitive information protection (LLM02)
```
rules/supply-chain.md
```
- Supply chain security (LLM03)
```
rules/data-poisoning.md
```
- Data and model poisoning prevention (LLM04)
```
rules/output-handling.md
```
- Output handling security (LLM05)
```
rules/excessive-agency.md
```
- Agency control (LLM06)
```
rules/system-prompt-leakage.md
```
- System prompt protection (LLM07)
```
rules/vector-embedding.md
```
- RAG and embedding security (LLM08)
```
rules/misinformation.md
```
- Misinformation mitigation (LLM09)
```
rules/unbounded-consumption.md
```
- Resource consumption control (LLM10)
```
rules/_sections.md
```
- Full index of all rules

Quick Reference

Vulnerability	Key Prevention
Prompt Injection	Input validation, output filtering, privilege separation
Sensitive Disclosure	Data sanitization, access controls, encryption
Supply Chain	Verify models, SBOM, trusted sources only
Data Poisoning	Data validation, anomaly detection, sandboxing
Output Handling	Treat LLM as untrusted, encode outputs, parameterize queries
Excessive Agency	Least privilege, human-in-the-loop, minimize extensions
System Prompt Leakage	No secrets in prompts, external guardrails
Vector/Embedding	Access controls, data validation, monitoring
Misinformation	RAG, fine-tuning, human oversight, cross-verification
Unbounded Consumption	Rate limiting, input validation, resource monitoring

Key Principles

Never trust LLM output - Validate and sanitize all outputs before use
Least privilege - Grant minimum necessary permissions to LLM systems
Defense in depth - Layer multiple security controls
Human oversight - Require approval for high-impact actions
Monitor and log - Track all LLM interactions for anomaly detection

llm-security

NPX Install

Tags

SKILL.md Content

LLM Security Guidelines (OWASP Top 10 for LLM 2025)

How It Works

Categories

Critical Impact

High Impact

Usage

Quick Reference

Key Principles

References