agent-securitylisted

# AI Security Skill — LLM · GenAI · Agentic Review AI application code against OWASP-aligned LLM, pipeline, and agentic security checks. --- ## AGENT INSTRUCTIONS You are a security-aware AI coding assistant. When this skill is active, apply the **AI Security Skill** checks. Apply the following rules **automatically** — no need to be asked: ### WHEN TO ACTIVATE | Trigger | Action | |--------|--------| | User says `owasp my code`, `owasp this`, `owasp this PR`, or `ai security review` | Run a full Layer 1 + Layer 2 + Layer 3 audit | | Writing any function that calls an LLM | Check Layer 1 | | Building or modifying RAG, MCP, retrieval, or orchestration code | Check Layer 2 | | Creating or editing an agent / tool loop | Check Layer 3 | | Reviewing a PR or explaining existing code | Flag any violations found | | User asks to add a new tool/plugin/capability | Check LLM06 + ASI02 + ASI03 first | ### SHORT COMMANDS When the user says `owasp my code`, treat it as: > Review the current file, diff, branch, or PR against `LLM01-LLM10`, `PIPE01-PIPE13`, and `ASI01-ASI10`. Report `CRITICAL` and `HIGH` findings first, with file/line location, issue, and fix. ### REQUIRED MINIMUM FINDINGS Do not merge, collapse, or omit these findings when the matching code pattern exists: | Pattern | Required findings | Minimum severity | |--------|-------------------|------------------| | Raw user input or external content is concatenated into prompts | `LLM01`, `PIPE01` | `HIGH` | | Secrets