Skill

ai-threat-testing

Deploys 10 specialized agents to test LLM applications for OWASP Top 10 vulnerabilities like prompt injection, model extraction, data poisoning, and supply chain attacks. Generates PoC reports for pentest workflows.

OpenAI

Anthropic

Langchain

security

ai-ml

npx claudepluginhub transilienceai/communitytools

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Test LLM applications for OWASP LLM Top 10 vulnerabilities using 10 specialized agents. Use for authorized AI security assessments.

Supporting Assets

reference/llm01-prompt-injection.mdreference/llm02-insecure-output.mdreference/llm03-training-poisoning.mdreference/llm04-resource-exhaustion.mdreference/llm05-supply-chain.mdreference/llm06-excessive-agency.mdreference/llm07-model-extraction.mdreference/llm08-vector-poisoning.mdreference/llm09-overreliance.mdreference/llm10-logging-bypass.md

SKILL.md

Similar Skills

Llm Security Audit

Audits LLM applications for vulnerabilities using OWASP Top 10 for LLMs, threat modeling, penetration testing, and compliance with NIST AI RMF and ISO 42001.

3 files

omer-metin-skills-for-antigravity-2

owasp-llm-top10

Audits LLM and GenAI applications for OWASP Top 10 2025 vulnerabilities including prompt injection, data leakage, supply chain risks, and more. Use before deployment, for RAG reviews, or pen testing.

mastepanoski-claude-skills

ai-scanner-garak

Scans LLMs for vulnerabilities using NVIDIA garak's 179 probes across 35 families via Rails UI with multi-tenant support, scheduling, PDF reports, and SIEM integration.

aradotso-trending-skills-37

Stats

Stars223

Forks44

Last CommitMar 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

AI Threat Testing

Test LLM applications for OWASP LLM Top 10 vulnerabilities using 10 specialized agents. Use for authorized AI security assessments.

Quick Start

1. Specify target (LLM app URL, API endpoint, or local model)
2. Select scope: Full OWASP Top 10 | Specific vulnerability | Supply chain
3. Agents deploy, test, capture evidence
4. Professional report with PoCs generated

Primary Agents

Each agent targets one OWASP LLM vulnerability:

Prompt Injection (LLM01): Direct/indirect injection, system prompt extraction
Output Handling (LLM02): Code/XSS injection, unsafe deserialization
Training Poisoning (LLM03): Membership inference, backdoors, data extraction
Resource Exhaustion (LLM04): Token flooding, DoS, cost impact
Supply Chain (LLM05): Dependency scanning, plugin security
Excessive Agency (LLM06): Privilege escalation, unauthorized actions
Model Extraction (LLM07): Query-based theft, data reconstruction
Vector Poisoning (LLM08): RAG injection, retrieval manipulation
Overreliance (LLM09): Hallucination testing, confidence manipulation
Logging Bypass (LLM10): Monitoring evasion, forensic gaps

See reference/llm0X-*.md for attack playbooks.

Workflows

Full Assessment (4-8 hours):

- [ ] Reconnaissance
- [ ] Deploy all 10 agents
- [ ] Execute exploits
- [ ] Capture evidence
- [ ] Generate report

Focused Testing (1-3 hours):

- [ ] Select vulnerability (LLM01-10)
- [ ] Deploy agent
- [ ] Execute techniques
- [ ] Document findings

Supply Chain Audit (2-4 hours):

- [ ] Inventory dependencies
- [ ] Scan CVEs
- [ ] Test plugins/APIs
- [ ] Verify model provenance

Integration

Enhances /pentest with AI-specific testing:

Traditional pentesting + AI threat testing = complete security assessment
Chain vulnerabilities across traditional and AI vectors
Unified reporting with CVSS scores

Key Techniques

Prompt Injection: Instruction override, system prompt extraction, filter evasion Model Extraction: Query sampling, token analysis, membership inference Data Poisoning: Behavioral anomalies, backdoor triggers, bias analysis DoS: Token flooding, recursive expansion, context exhaustion Supply Chain: CVE scanning, plugin audit, model verification MCP Tool Abuse: MCP server inspectors/debuggers often expose /api/mcp/connect or similar endpoints that accept serverConfig with arbitrary command parameters — unauthenticated RCE. Check for MCP Inspector, MCP Playground, or any MCP debugging UI on non-standard ports (6274, 3000, etc.).

Evidence Capture

All agents collect: screenshots, network logs, API responses, errors, console output, execution metrics.

Reporting

Automated reports include: executive summary, detailed findings (CVSS scores), PoC scripts, evidence, remediation guidance.

Critical Rules

Written authorization REQUIRED before testing
Never exceed defined scope
Test in isolated environments when possible
Document all findings with reproducible PoCs
Follow responsible disclosure practices

Integration

Integrates with /pentest skill for comprehensive security testing
AI-specific vulnerability knowledge in /AGENTS.md
Attack playbooks in reference/llm0X-*.md