Mayur Rathi
@github
⭐ 34.1k GitHub stars

Agent-Owasp-Compliance

Agent-Owasp-Compliance is a security-focused AI skill (core value: |) for solving practical problems developers face in the security domain, helping users work more efficiently, automate repetitive tasks, or streamline their workflow.


Last verified on: 2026-05-30
```shell
mkdir -p ./skills/agent-owasp-compliance && curl -sfL https://raw.githubusercontent.com/github/awesome-copilot/main/skills/agent-owasp-compliance/SKILL.md -o ./skills/agent-owasp-compliance/SKILL.md
```

Run in a Unix shell or PowerShell 7+. In Windows PowerShell 5.1 the `&&` chaining is not supported and `curl` is an alias of Invoke-WebRequest, so run the two commands separately and call `curl.exe` explicitly.

Skill Content

# Agent OWASP ASI Compliance Check


Evaluate AI agent systems against the OWASP Agentic Security Initiative (ASI) Top 10, OWASP's list of the most critical security risks specific to agentic AI applications.


## Overview


The OWASP ASI Top 10 defines the critical security risks specific to autonomous AI agents: not LLMs, not chatbots, but agents that call tools, access systems, and act on behalf of users. This skill checks whether your agent implementation addresses each risk. The control names and numbering used below are this skill's own shorthand for those risks; cross-check them against the published OWASP list, whose category titles differ.


```text
Codebase → Scan for each ASI control:
  ASI-01: Prompt Injection Protection
  ASI-02: Tool Use Governance
  ASI-03: Agency Boundaries
  ASI-04: Escalation Controls
  ASI-05: Trust Boundary Enforcement
  ASI-06: Logging & Audit
  ASI-07: Identity Management
  ASI-08: Policy Integrity
  ASI-09: Supply Chain Verification
  ASI-10: Behavioral Monitoring
→ Generate Compliance Report (X/10 covered)
```

## The 10 Risks


| Risk | Name | What to Look For |
|------|------|------------------|
| ASI-01 | Prompt Injection | Input validation before tool calls, not just LLM output filtering |
| ASI-02 | Insecure Tool Use | Tool allowlists, argument validation, no raw shell execution |
| ASI-03 | Excessive Agency | Capability boundaries, scope limits, principle of least privilege |
| ASI-04 | Unauthorized Escalation | Privilege checks before sensitive operations, no self-promotion |
| ASI-05 | Trust Boundary Violation | Trust verification between agents, signed credentials, no blind trust |
| ASI-06 | Insufficient Logging | Structured audit trail for all tool calls, tamper-evident logs |
| ASI-07 | Insecure Identity | Cryptographic agent identity, not just string names |
| ASI-08 | Policy Bypass | Deterministic policy enforcement, no LLM-based permission checks |
| ASI-09 | Supply Chain Integrity | Signed plugins/tools, integrity verification, dependency auditing |
| ASI-10 | Behavioral Anomaly | Drift detection, circuit breakers, kill switch capability |
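The ASI-02, ASI-03 and ASI-08 rows describe one control from three angles: a fixed allowlist of tools, per-argument validation with least-privilege scope, and a permission decision made by deterministic code rather than by the model. The block below is an added example of such a gate, not code from the awesome-copilot skill; the tool names (`read_file`, `git`), the argument rules and the sample calls are constructed for illustration.

```python
"""Deterministic tool-call gate (ASI-02 allowlist, ASI-03 scope limits, ASI-08
policy as code). Added example: not part of the awesome-copilot skill. The tool
names, argument rules and SAMPLE_CALLS below are constructed for illustration."""
import re
import shlex
from dataclasses import dataclass
from typing import Any, Callable


@dataclass
class Decision:
    allowed: bool
    reason: str


# Each argument rule is a plain predicate. No model is consulted (ASI-08):
# the same call always gets the same answer, and the rule can be unit-tested.
_SAFE_PATH = re.compile(r"^[A-Za-z0-9_./-]+$")


def _is_workspace_path(value: Any) -> bool:
    """Relative path inside the workspace: restricted charset, no traversal."""
    return (
        isinstance(value, str)
        and bool(_SAFE_PATH.match(value))
        and not value.startswith("/")
        and ".." not in value.split("/")
    )


_READONLY_GIT = {"status", "diff", "log"}
_SHELL_META = set(";|&`$<>")


def _is_readonly_git(value: Any) -> bool:
    """Only read-only git subcommands, and nothing a shell could interpret."""
    if not isinstance(value, str) or _SHELL_META & set(value):
        return False
    try:
        argv = shlex.split(value)
    except ValueError:
        return False
    return len(argv) >= 2 and argv[0] == "git" and argv[1] in _READONLY_GIT


# The allowlist is the complete set of tools the agent may call. There is no
# generic "shell" tool: raw shell execution is simply not offered to the model.
TOOL_ALLOWLIST: dict[str, dict[str, Callable[[Any], bool]]] = {
    "read_file": {"path": _is_workspace_path},
    "git": {"command": _is_readonly_git},
}


def evaluate_tool_call(tool: str, args: dict[str, Any]) -> Decision:
    """Deny by default; allow only a known tool called with exactly the
    expected argument names, each of which passes its own validator."""
    spec = TOOL_ALLOWLIST.get(tool)
    if spec is None:
        return Decision(False, f"tool {tool!r} is not in the allowlist")
    if set(args) != set(spec):
        return Decision(False, f"{tool}: expected arguments {sorted(spec)}, got {sorted(args)}")
    for name, check in spec.items():
        if not check(args[name]):
            return Decision(False, f"{tool}: argument {name!r} failed validation")
    return Decision(True, "ok")


# Constructed sample calls, as an agent runtime might receive them from the model.
SAMPLE_CALLS = [
    ("read_file", {"path": "src/app.py"}),          # in scope
    ("read_file", {"path": "../../etc/passwd"}),    # path traversal
    ("git", {"command": "git status"}),             # read-only
    ("git", {"command": "git status; id"}),         # shell metacharacter
    ("git", {"command": "git push --force"}),       # write subcommand
    ("shell", {"command": "ls"}),                   # tool not offered
]


def gate_all(calls=SAMPLE_CALLS) -> list[bool]:
    """Allowed/denied verdict for each call, in order."""
    return [evaluate_tool_call(tool, args).allowed for tool, args in calls]


if __name__ == "__main__":
    for (tool, args), ok in zip(SAMPLE_CALLS, gate_all()):
        print("ALLOW" if ok else "DENY ", tool, args, evaluate_tool_call(tool, args).reason)
```

Two design points matter for the compliance check: the decision is reached before any tool code runs, and every branch that is not an explicit allow is a deny, so adding a tool or an argument means adding a rule, never relaxing a check.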


---


## Check ASI-01: Prompt Injection Protection


Look for input validation that runs **before** tool execution, not after LLM generation. The check below is a keyword heuristic: positive signals are substring hits and negative signals are regexes over raw file text, so treat its verdict as a triage signal to be confirmed by reading the code path, not as proof either way.


```python
import re
from pathlib import Path

def check_asi_01(project_path: str) -> dict:
    """ASI-01: Is user input validated before reaching tool execution?"""
    # Positive signals: names that suggest a validation or policy layer exists.
    # Plain substring matches, so e.g. "sanitizer" also matches "sanitize".
    positive_patterns = [
        "input_validation", "validate_input", "sanitize",
        "classify_intent", "prompt_injection", "threat_detect",
        "PolicyEvaluator", "PolicyEngine", "check_content",
    ]
    # Negative signals: dynamic code execution or shell sinks that injected
    # input could reach. Regexes, matched against the raw file text.
    negative_patterns = [
        r"eval\(", r"exec\(", r"subprocess\.run\(.*shell=True",
        r"os\.system\(",
    ]

    # Scan Python files for signals
    root = Path(project_path)
    positive_matches = []
    negative_matches = []

    for py_file in root.rglob("*.py"):
        content = py_file.read_text(errors="ignore")
        for pattern in positive_patterns:
            if pattern in content:
                positive_matches.append(f"{py_file.name}: {pattern}")
        for pattern in negative_patterns:
            if re.search(pattern, content):
                negative_matches.append(f"{py_file.name}: {pattern}")

    positive_found = len(positive_matches) > 0
    negative_found = len(negative_matches) > 0

    # Pass requires at least one control signal and no dangerous sink.
    return {
        "risk": "ASI-01",
        "name": "Prompt Injection",
        "status": "pass" if positive_found and not negative_found else "fail",
        "controls_found": positive_matches,
        "vulnerabilities": negative_matches,
        "recommendation": "Add input validation before tool execution, not just output filtering"
    }
```

**What passing looks like:**

```python
# GOOD: Validate before tool execution
result = policy_engine.evaluate(user_input)
if result.action == "deny":
    return "Request blocked by policy"
tool_result = await execute_tool(user_input)  # reached only after the policy engine allowed it
```

**What failing looks like:**

```python
# BAD: User input goes directly to tool
tool_result = await execute_tool(user_input)  # No validation
```
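`check_asi_01` matches its negative patterns against raw file text, so a mention of `eval(` in a comment or a docstring is reported as a vulnerability while the real call site gets no more weight than the comment. The block below is an added example, not part of the skill, showing the AST-based alternative for the same signals (`eval`, `exec`, `os.system`, and `subprocess.*` called with `shell=True`), run over a constructed sample module next to the raw-text regex count for comparison.

```python
"""AST-based detector for the ASI-01/ASI-02 negative signals. Added example,
not the skill's own code. SAMPLE_SOURCE is a constructed module that contains
two real dangerous call sites plus a comment and a string that mention them."""
import ast
import re
from typing import Optional

DANGEROUS_CALLS = {"eval", "exec", "os.system"}
SHELL_FUNCS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
               "subprocess.check_output", "subprocess.check_call"}


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def find_dangerous_calls(source: str) -> list[tuple[int, str]]:
    """(line, description) for each real call site; comments and string
    literals are not in the AST, so they can never produce a finding."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, f"{name}()"))
        elif name in SHELL_FUNCS:
            for kw in node.keywords:
                # Only a literal shell=True is flagged; a variable needs manual review.
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, f"{name}(shell=True)"))
    return sorted(findings)


def regex_hits(source: str) -> int:
    """Raw-text count with the skill's style of patterns, for comparison."""
    pattern = re.compile(r"eval\(|os\.system\(|shell=True")
    return sum(1 for line in source.splitlines() if pattern.search(line))


# Constructed sample: lines 3 and 4 are noise, lines 8 and 9 are real sinks.
SAMPLE_SOURCE = '''\
import os, subprocess

# Do not use os.system("...") here; see the security guide.
HELP = "eval() is disabled in this tool"

def run(cmd: str, user_expr: str):
    subprocess.run(["git", "status"], check=True)      # argv list, no shell
    subprocess.run(cmd, shell=True)                    # ASI-02: raw shell
    return eval(user_expr)                             # ASI-01: eval on user data
'''

if __name__ == "__main__":
    for lineno, what in find_dangerous_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {what}")
    print("regex hits on raw text:", regex_hits(SAMPLE_SOURCE))
```

On the sample the AST walk reports exactly the two call sites, while the raw-text regex fires four times because the comment and the help string also match; the same walk can be dropped into `check_asi_01` in place of `re.search` over `content`.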

---


## Check ASI-02: Insecure Tool Use


Verify tools have allowlists, argument validati

🎯 Best For

  • Claude users
  • GitHub Copilot users
  • AI users

💡 Use Cases

  • Using Agent-Owasp-Compliance in daily workflow
  • Automating repetitive security tasks

📖 How to Use This Skill

  1. Install the Skill: copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. Load into Your AI Assistant: open Claude or GitHub Copilot and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. Apply Agent-Owasp-Compliance to Your Work: provide context for your task. Paste source material, describe your audience, or share existing work to guide the AI.

  4. Review and Refine: edit the AI output for accuracy, tone, and completeness. Add human insight where the AI lacks context.

❓ Frequently Asked Questions

How do I install Agent-Owasp-Compliance?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/agent-owasp-compliance/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Not reading the full skill

Skills contain important context and edge cases beyond the quick start.
