What is the LLM Risk Assessment skill?

It is a specialized capability for Claude Code that provides a standardized framework for identifying, testing, and mitigating security vulnerabilities in LLM-powered applications and AI agents.

Can it help with automated security testing?

The skill provides procedures for running automated probes using tools like Garak and Giskard, as well as custom scripts for validating vector database security and secret detection.

Does this skill support the latest security standards?

Yes, it is fully grounded in the OWASP Top 10 for LLM Applications 2025, covering modern risks like model poisoning, excessive agency, and system prompt leakage.

What kind of output can I expect from this assessment?

The skill generates a comprehensive report including an architecture trust-boundary diagram, a risk matrix with severity ratings, proof-of-concept attack scenarios, and a prioritized remediation roadmap.

LLM Security Risk Assessment

Name: LLM Security Risk Assessment
Author: cmaenner

bycmaenner

•

Security & Testing

Conducts comprehensive security audits of LLM applications based on the OWASP Top 10 for LLM Applications 2025 standards.

This skill provides a structured, professional-grade methodology for evaluating the security posture of AI agents, RAG pipelines, and GenAI features. It guides developers and security researchers through architecture threat modeling, automated prompt injection testing, and a deep-dive analysis of all ten OWASP LLM risks—including excessive agency, data poisoning, and system prompt leakage—resulting in a detailed remediation roadmap and defense validation checklist.

Key Features

01Comprehensive OWASP Top 10 for LLM Applications (2025) alignment

02Automated and manual prompt injection and jailbreak testing methodologies

03Detailed reporting with severity-ranked risk matrices and remediation code

045 GitHub stars

05Analysis of supply chain, data poisoning, and excessive agency risks

06Structured threat modeling for RAG pipelines and AI agent architectures

Use Cases

01Auditing a production RAG pipeline for sensitive information disclosure and poisoning

02Testing an autonomous AI agent's tool-calling permissions for excessive agency

03Performing a pre-deployment red team assessment of a new LLM-integrated feature

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cmaenner/agent-security-playbook llm-risk-assess

For use in Claude.ai and ChatGPT

Key Features

01Comprehensive OWASP Top 10 for LLM Applications (2025) alignment

02Automated and manual prompt injection and jailbreak testing methodologies

03Detailed reporting with severity-ranked risk matrices and remediation code

045 GitHub stars

05Analysis of supply chain, data poisoning, and excessive agency risks

06Structured threat modeling for RAG pipelines and AI agent architectures

Use Cases

01Auditing a production RAG pipeline for sensitive information disclosure and poisoning

02Testing an autonomous AI agent's tool-calling permissions for excessive agency

03Performing a pre-deployment red team assessment of a new LLM-integrated feature

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add cmaenner/agent-security-playbook llm-risk-assess

For use in Claude.ai and ChatGPT