LLM Security
Security guidance for LLMs, as part of building AI and machine learning application workflows.
Install on your platform
Run in terminal (recommended)
claude mcp add llm-security npx -- -y @trustedskills/llm-security
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "llm-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/llm-security"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
This skill provides security guidelines for building LLM applications, based on the OWASP Top 10 for LLM Applications 2025. It offers both proactive and reactive modes to identify and mitigate potential security risks. In proactive mode, it automatically checks for relevant security concerns during development or review. In reactive mode, it provides access to detailed code examples and rules related to specific vulnerabilities when a user requests information about LLM security.
When to use it
- When building chatbot/conversational AI applications to address prompt injection, system prompt leakage, output handling, or unbounded consumption risks.
- For RAG (Retrieval Augmented Generation) systems to protect against vector weaknesses, prompt injection, sensitive disclosure, and misinformation.
- When developing AI agents with tools to manage excessive agency, prompt injection, output handling, and sensitive information disclosure.
- During fine-tuning/training processes to prevent data poisoning, supply chain vulnerabilities, and sensitive disclosures.
- For LLM-powered APIs to address unbounded consumption, prompt injection, output handling, and sensitive disclosure concerns.
Key capabilities
- Proactive Security Checks: Automatically identifies potential security risks during development.
- Reactive Guidance: Provides code examples and rules based on user queries about LLM security.
- OWASP Top 10 Alignment: Based on the OWASP Top 10 for LLM Applications 2025.
- Pattern-Specific Rules: Offers prioritized rule sets tailored to different application patterns (Chatbot, RAG system, AI agent with tools, etc.).
- Detailed Rule Files: Provides access to specific rule files covering vulnerabilities like Prompt Injection (LLM01), Sensitive Information Disclosure (LLM02), and Data Poisoning (LLM04).
Example prompts
- "What are the security considerations for building a chatbot?"
- "How can I prevent prompt injection in my RAG system?"
- "Show me code examples for handling LLM output securely."
- "What rules should I follow when fine-tuning an LLM?"
Tips & gotchas
- To ensure relevant results, specify the type of application you are building (e.g., chatbot, RAG system).
- The skill provides code examples and rules; it does not automatically fix vulnerabilities. You need to apply the suggested patterns or flag vulnerable areas yourself.
- Refer to rules/_sections.md for a complete index of all rules and their corresponding OWASP/MITRE references.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Scanner | Result |
| --- | --- |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🏢 Official
Published by the company or team that built the technology.