What security standards does this skill follow?

The skill is grounded in the OWASP Top 10 for LLM Applications, specifically addressing prompt injection (LLM01), excessive agency (LLM06), and insecure output handling (LLM02).

What kind of output does the audit provide?

It generates a standardized report including a Permission Summary table, detailed Risk Findings, an Injection Surface Map, and prioritized remediation recommendations.

Is this skill useful for CLAUDE.md files?

Absolutely. It can review instructions within CLAUDE.md to ensure no security guardrails are missing and that the agent's stated purpose aligns with its assigned permissions.

Can I use this for Model Context Protocol (MCP) servers?

Yes, the skill is specifically designed to analyze MCP configurations, including the tools, resources, and credentials exposed to the agent.

How does it identify data exfiltration risks?

It maps the flow of sensitive data across agent boundaries, checking for secrets passed to external tools, file contents in web requests, and data forwarding between MCP servers.

Agent Security Audit

Name: Agent Security Audit
Author: cmaenner

bycmaenner

•

Seguridad y Pruebas

Audits AI agent configurations and orchestration code to identify security vulnerabilities, excessive permissions, and data exfiltration risks.

The Agent Security Audit skill provides a comprehensive framework for evaluating the security posture of AI agents, MCP servers, and orchestration setups. Grounded in OWASP LLM security principles, it systematically identifies risks such as prompt injection surfaces, insecure output handling, and excessive agency. By analyzing permission inventories and mapping data exfiltration paths, this skill helps developers ensure their AI implementations are resilient against malicious inputs and unauthorized actions while maintaining the principle of least privilege.

Características Principales

01Validation of security guardrails, rate limits, and audit logging.

02Excessive agency assessment based on OWASP LLM06 standards.

03Deep analysis of prompt injection surfaces in RAG documents and tool outputs.

04Comprehensive permission inventory for tools, MCP servers, and file systems.

05Mapping of potential data exfiltration paths and credential leaks.

065 GitHub stars

Casos de Uso

01Reviewing CLAUDE.md and MCP configurations for security compliance before deployment.

02Identifying OWASP Top 10 for LLM vulnerabilities in custom agent workflows.

03Auditing AI agent orchestration code for potential command injection or SSRF risks.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cmaenner/agent-security-playbook agent-security-audit

For use in Claude.ai and ChatGPT

Características Principales

01Validation of security guardrails, rate limits, and audit logging.

02Excessive agency assessment based on OWASP LLM06 standards.

03Deep analysis of prompt injection surfaces in RAG documents and tool outputs.

04Comprehensive permission inventory for tools, MCP servers, and file systems.

05Mapping of potential data exfiltration paths and credential leaks.

065 GitHub stars

Casos de Uso

01Reviewing CLAUDE.md and MCP configurations for security compliance before deployment.

02Identifying OWASP Top 10 for LLM vulnerabilities in custom agent workflows.

03Auditing AI agent orchestration code for potential command injection or SSRF risks.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cmaenner/agent-security-playbook agent-security-audit

For use in Claude.ai and ChatGPT