From llm-observability
Adversarially tests LLM/agent apps for prompt injection, jailbreaks, data exfiltration, tool misuse, and unsafe output. Use before shipping customer-facing apps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/llm-observability:red-team-llm-appThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Red-teaming is structured adversarial testing: try to make the app misbehave, on purpose, so you find the holes before users or attackers do. Cover the known attack classes systematically rather than trying a few clever prompts.
Red-teaming is structured adversarial testing: try to make the app misbehave, on purpose, so you find the holes before users or attackers do. Cover the known attack classes systematically rather than trying a few clever prompts.
LLMs process instructions and data in the same channel with no hard separation, so an attacker can smuggle input the model treats as a new instruction. That single property is behind most of the attack classes below, and it is why "just prompt it not to" is not a real defense.
redteam mode), DeepTeam, garak, PyRIT.No single fix is enough; layer them. Add input + output guardrails (see add-llm-guardrails), separate untrusted content from instructions, least-privilege tools with human-in-the-loop for destructive actions, and sanitize output before rendering/executing. Then observe attack attempts in production (see add-llm-guardrails telemetry) so you see when injection attempts rise.
Attack taxonomy: OWASP Top 10 for LLM Applications (prompt injection is LLM01). Automated attacks: Automatic and Universal Prompt Injection Attacks against LLMs (arXiv:2403.04957). LLM cyber-risk evaluation: Meta CyberSecEval 3 (arXiv:2408.01605).
npx claudepluginhub contextjet-ai/awesome-llm-observabilityAssesses AI/LLM application security including prompt injection, jailbreak resistance, OWASP LLM Top 10 (2025), RAG/agent security, and model supply chain risks. Maps findings to MITRE ATLAS and recommends mitigations.
Audit applications for AI prompt injection, agent security, and LLM permission boundary vulnerabilities. Use when securing AI features or agents.
Offensive checklist for AI/LLM security testing: prompt injection, jailbreaking, model extraction, training data poisoning, adversarial inputs, and LLM-assisted attack automation. Use for red-teaming and authorized security assessments of AI/ML systems.