Summary

Create the owasp-llm skill under .github/skills/security/owasp-llm/ providing detection checklists, severity guidance, and remediation patterns for the OWASP Top 10 for LLM Applications 2025.

This skill is consumed by the security-reviewer agent (not user-invocable). Content is adapted from JasonTheDeveloper's owasp-skills llm-vulnerabilities skill. Added to MVP per JasonTheDeveloper's suggestion: "A lot of our work nowadays revolve around agentic applications and using LLMs."

Acceptance Criteria

• .github/skills/security/owasp-llm/SKILL.md exists with valid frontmatter
  • name: owasp-llm matches directory name
  • description ends with - Brought to you by microsoft/hve-core
  • user-invocable: false
  • metadata.content_based_on references OWASP LLM Top 10 2025 source URL
• references/ directory contains 11 files:
  • 00-vulnerability-index.md — summary table with all 10 LLM vulnerabilities
  • 10 individual vulnerability reference files (numbered 01- through 10-)
• Each reference file follows the 7-section pattern: Description → Risk → Vulnerability Checklist → Prevention Controls → Example Attacks → Detection Guidance → Remediation
• SKILL.md body references the vulnerability index and instructs the agent on how to traverse references
• npm run validate:skills passes for this skill

Content Source

Adapted from JasonTheDeveloper's owasp-skills llm-vulnerabilities/ skill. Naming convention changed from llm-vulnerabilities to owasp-llm per Discussion #480 terminology.

Dependencies

• Depends on collection rename (chore(collections): rename security-planning collection to security #792) for directory path .github/skills/security/
• Can run in parallel with owasp-top-10 and owasp-agentic skill issues