llm-security
Author: semgrep
LLM application security guidelines based on the OWASP Top 10 for LLM 2025. Use them when building LLM apps, reviewing AI security, or implementing RAG systems.
npx skills add https://github.com/semgrep/skills --skill llm-security
LLM Security Guidelines (OWASP Top 10 for LLM 2025)
Security rules for building secure LLM applications, based on the OWASP Top 10 for LLM Applications 2025.
How to Use This Skill
Proactive mode — When building or reviewing LLM applications, automatically check for relevant security risks based on the application pattern. You don't need to wait for the user to ask about LLM security.
Reactive mode — When the user asks about LLM security, use the mapping below to find relevant rule files with detailed vulnerable/secure code examples.
Workflow
- Identify what the user is building (see "What Are You Building?" below)
- Check the priority rules for that pattern
- Read the specific rule files from rules/ for code examples
- Apply the secure patterns or flag vulnerable ones
What Are You Building?
Use this to quickly identify which rules matter most for the user's task:
| Building... | Priority Rules |
|---|---|
| Chatbot / conversational AI | Prompt Injection (LLM01), System Prompt Leakage (LLM07), Output Handling (LLM05), Unbounded Consumption (LLM10) |
| RAG system | Vector/Embedding Weaknesses (LLM08), Prompt Injection (LLM01), Sensitive Disclosure (LLM02), Misinformation (LLM09) |
| AI agent with tools | Excessive Agency (LLM06), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02) |
| Fine-tuning / training | Data Poisoning (LLM04), Supply Chain (LLM03), Sensitive Disclosure (LLM02) |
| LLM-powered API | Unbounded Consumption (LLM10), Prompt Injection (LLM01), Output Handling (LLM05), Sensitive Disclosure (LLM02) |
| Content generation | Misinformation (LLM09), Output Handling (LLM05), Prompt Injection (LLM01) |
Categories
Critical Impact
- LLM01: Prompt Injection (rules/prompt-injection.md) - Prevent direct and indirect prompt manipulation
- LLM02: Sensitive Information Disclosure (rules/sensitive-disclosure.md) - Protect PII, credentials, and proprietary data
- LLM03: Supply Chain (rules/supply-chain.md) - Secure model sources, training data, and dependencies
- LLM04: Data and Model Poisoning (rules/data-poisoning.md) - Prevent training data manipulation and backdoors
- LLM05: Improper Output Handling (rules/output-handling.md) - Sanitize LLM outputs before downstream use
High Impact
- LLM06: Excessive Agency (rules/excessive-agency.md) - Limit LLM permissions, functionality, and autonomy
- LLM07: System Prompt Leakage (rules/system-prompt-leakage.md) - Protect system prompts from disclosure
- LLM08: Vector and Embedding Weaknesses (rules/vector-embedding.md) - Secure RAG systems and embeddings
- LLM09: Misinformation (rules/misinformation.md) - Mitigate hallucinations and false outputs
- LLM10: Unbounded Consumption (rules/unbounded-consumption.md) - Prevent DoS, cost attacks, and model theft
See rules/_sections.md for the full index with OWASP/MITRE references.
Quick Reference
| Vulnerability | Key Prevention |
|---|---|
| Prompt Injection | Input validation, output filtering, privilege separation |
| Sensitive Disclosure | Data sanitization, access controls, encryption |
| Supply Chain | Verify models, SBOM, trusted sources only |
| Data Poisoning | Data validation, anomaly detection, sandboxing |
| Output Handling | Treat LLM as untrusted, encode outputs, parameterize queries |
| Excessive Agency | Least privilege, human-in-the-loop, minimize extensions |
| System Prompt Leakage | No secrets in prompts, external guardrails |
| Vector/Embedding | Access controls, data validation, monitoring |
| Misinformation | RAG, fine-tuning, human oversight, cross-verification |
| Unbounded Consumption | Rate limiting, input validation, resource monitoring |
Key Principles
- Never trust LLM output - Validate and sanitize all outputs before use
- Least privilege - Grant minimum necessary permissions to LLM systems
- Defense in depth - Layer multiple security controls
- Human oversight - Require approval for high-impact actions
- Monitor and log - Track all LLM interactions for anomaly detection
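The following is an added example, not code from the Semgrep skill or its rule files, showing how the Output Handling, Least privilege and Human oversight principles above combine in a tool dispatcher for an agent: the model's tool call is parsed as untrusted JSON, checked against an allowlist and argument schema, run only through parameterized SQL, encoded before being returned, and held for approval when the tool is high-impact. The table, tool names and rows are constructed for the example.

```python
import json
import sqlite3
from html import escape


def make_db():
    """Constructed in-memory store standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "open"), (2, "bob", "shipped"),
                    (3, "<b>eve</b>", "open")])  # untrusted data the model may surface
    return db


# Allowlist of tools the model may invoke (LLM06): the SQL is fixed and parameterized,
# the argument keys are fixed, and destructive tools require a human decision.
TOOLS = {
    "lookup_order": ("SELECT id, customer, status FROM orders WHERE id = ?",
                     ("order_id",), False),
    "cancel_order": ("UPDATE orders SET status = 'cancelled' WHERE id = ?",
                     ("order_id",), True),
}


def handle_tool_call(db, raw_output, approved=False):
    """Dispatch a model-produced tool call, treating raw_output as untrusted (LLM05)."""
    try:
        call = json.loads(raw_output)
    except json.JSONDecodeError:
        return {"error": "malformed tool call"}
    if not isinstance(call, dict) or call.get("tool") not in TOOLS:
        return {"error": "unknown tool"}
    sql, arg_keys, needs_approval = TOOLS[call["tool"]]
    args = call.get("args")
    # Reject extra, missing or non-integer arguments; "1 OR 1=1" never reaches SQL.
    if (not isinstance(args, dict) or set(args) != set(arg_keys)
            or not all(type(args[k]) is int for k in arg_keys)):
        return {"error": "invalid arguments"}
    if needs_approval and not approved:
        return {"pending": call["tool"], "args": args}  # hand off to a human reviewer
    cur = db.execute(sql, tuple(args[k] for k in arg_keys))
    rows = cur.fetchall()
    db.commit()
    # Encode every value before it goes back to the model or a web UI.
    return {"rows": [[escape(str(v)) for v in row] for row in rows]}
```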
References