{"id":"9e8ec650-4c39-4356-9949-8b00aaf6dfb4","shortId":"UC3QyL","kind":"skill","title":"agent-owasp-compliance","tagline":"Check any AI agent codebase against the OWASP Agentic Security Initiative (ASI) Top 10 risks.\nUse this skill when:\n- Evaluating an agent system's security posture before production deployment\n- Running a compliance check against OWASP ASI 2026 standards\n- Mapping existing securit","description":"# Agent OWASP ASI Compliance Check\n\nEvaluate AI agent systems against the OWASP Agentic Security Initiative (ASI) Top 10 — the industry standard for agent security posture.\n\n## Overview\n\nThe OWASP ASI Top 10 defines the critical security risks specific to autonomous AI agents — not LLMs, not chatbots, but agents that call tools, access systems, and act on behalf of users. This skill checks whether your agent implementation addresses each risk.\n\n```\nCodebase → Scan for each ASI control:\n  ASI-01: Prompt Injection Protection\n  ASI-02: Tool Use Governance\n  ASI-03: Agency Boundaries\n  ASI-04: Escalation Controls\n  ASI-05: Trust Boundary Enforcement\n  ASI-06: Logging & Audit\n  ASI-07: Identity Management\n  ASI-08: Policy Integrity\n  ASI-09: Supply Chain Verification\n  ASI-10: Behavioral Monitoring\n→ Generate Compliance Report (X/10 covered)\n```\n\n## The 10 Risks\n\n| Risk | Name | What to Look For |\n|------|------|-----------------|\n| ASI-01 | Prompt Injection | Input validation before tool calls, not just LLM output filtering |\n| ASI-02 | Insecure Tool Use | Tool allowlists, argument validation, no raw shell execution |\n| ASI-03 | Excessive Agency | Capability boundaries, scope limits, principle of least privilege |\n| ASI-04 | Unauthorized Escalation | Privilege checks before sensitive operations, no self-promotion |\n| ASI-05 | Trust Boundary Violation | Trust verification between agents, signed credentials, no blind trust |\n| ASI-06 | Insufficient Logging | Structured audit trail for all tool calls, tamper-evident logs 
|\n| ASI-07 | Insecure Identity | Cryptographic agent identity, not just string names |\n| ASI-08 | Policy Bypass | Deterministic policy enforcement, no LLM-based permission checks |\n| ASI-09 | Supply Chain Integrity | Signed plugins/tools, integrity verification, dependency auditing |\n| ASI-10 | Behavioral Anomaly | Drift detection, circuit breakers, kill switch capability |\n\n---\n\n## Check ASI-01: Prompt Injection Protection\n\nLook for input validation that runs **before** tool execution, not after LLM generation.\n\n```python\nimport re\nfrom pathlib import Path\n\ndef check_asi_01(project_path: str) -> dict:\n    \"\"\"ASI-01: Is user input validated before reaching tool execution?\"\"\"\n    positive_patterns = [\n        \"input_validation\", \"validate_input\", \"sanitize\",\n        \"classify_intent\", \"prompt_injection\", \"threat_detect\",\n        \"PolicyEvaluator\", \"PolicyEngine\", \"check_content\",\n    ]\n    negative_patterns = [\n        r\"eval\\(\", r\"exec\\(\", r\"subprocess\\.run\\(.*shell=True\",\n        r\"os\\.system\\(\",\n    ]\n\n    # Scan Python files for signals\n    root = Path(project_path)\n    positive_matches = []\n    negative_matches = []\n\n    for py_file in root.rglob(\"*.py\"):\n        content = py_file.read_text(errors=\"ignore\")\n        for pattern in positive_patterns:\n            if pattern in content:\n                positive_matches.append(f\"{py_file.name}: {pattern}\")\n        for pattern in negative_patterns:\n            if re.search(pattern, content):\n                negative_matches.append(f\"{py_file.name}: {pattern}\")\n\n    positive_found = len(positive_matches) > 0\n    negative_found = len(negative_matches) > 0\n\n    return {\n        \"risk\": \"ASI-01\",\n        \"name\": \"Prompt Injection\",\n        \"status\": \"pass\" if positive_found and not negative_found else \"fail\",\n        \"controls_found\": positive_matches,\n        \"vulnerabilities\": negative_matches,\n        
\"recommendation\": \"Add input validation before tool execution, not just output filtering\"\n    }\n```\n\n**What passing looks like:**\n```python\n# GOOD: Validate before tool execution\nresult = policy_engine.evaluate(user_input)\nif result.action == \"deny\":\n    return \"Request blocked by policy\"\ntool_result = await execute_tool(validated_input)\n```\n\n**What failing looks like:**\n```python\n# BAD: User input goes directly to tool\ntool_result = await execute_tool(user_input)  # No validation\n```\n\n---\n\n## Check ASI-02: Insecure Tool Use\n\nVerify tools have allowlists, argument validation, and no unrestricted execution.\n\n**What to search for:**\n- Tool registration with explicit allowlists (not open-ended)\n- Argument validation before tool execution\n- No `subprocess.run(shell=True)` with user-controlled input\n- No `eval()` or `exec()` on agent-generated code without sandbox\n\n**Passing example:**\n```python\nALLOWED_TOOLS = {\"search\", \"read_file\", \"create_ticket\"}\n\ndef execute_tool(name: str, args: dict):\n    if name not in ALLOWED_TOOLS:\n        raise PermissionError(f\"Tool '{name}' not in allowlist\")\n    # validate args...\n    return tools[name](**validated_args)\n```\n\n---\n\n## Check ASI-03: Excessive Agency\n\nVerify agent capabilities are bounded — not open-ended.\n\n**What to search for:**\n- Explicit capability lists or execution rings\n- Scope limits on what the agent can access\n- Principle of least privilege applied to tool access\n\n**Failing:** Agent has access to all tools by default.\n**Passing:** Agent capabilities defined as a fixed allowlist, unknown tools denied.\n\n---\n\n## Check ASI-04: Unauthorized Escalation\n\nVerify agents cannot promote their own privileges.\n\n**What to search for:**\n- Privilege level checks before sensitive operations\n- No self-promotion patterns (agent changing its own trust score or role)\n- Escalation requires external attestation (human or SRE witness)\n\n**Failing:** Agent 
can modify its own configuration or permissions.\n**Passing:** Privilege changes require out-of-band approval (e.g., Ring 0 requires SRE attestation).\n\n---\n\n## Check ASI-05: Trust Boundary Violation\n\nIn multi-agent systems, verify that agents verify each other's identity before accepting instructions.\n\n**What to search for:**\n- Agent identity verification (DIDs, signed tokens, API keys)\n- Trust score checks before accepting delegated tasks\n- No blind trust of inter-agent messages\n- Delegation narrowing (child scope <= parent scope)\n\n**Passing example:**\n```python\ndef accept_task(sender_id: str, task: dict):\n    trust = trust_registry.get_trust(sender_id)\n    if not trust.meets_threshold(0.7):\n        raise PermissionError(f\"Agent {sender_id} trust too low: {trust.current()}\")\n    if not verify_signature(task, sender_id):\n        raise SecurityError(\"Task signature verification failed\")\n    return process_task(task)\n```\n\n---\n\n## Check ASI-06: Insufficient Logging\n\nVerify all agent actions produce structured, tamper-evident audit entries.\n\n**What to search for:**\n- Structured logging for every tool call (not just print statements)\n- Audit entries include: timestamp, agent ID, tool name, args, result, policy decision\n- Append-only or hash-chained log format\n- Logs stored separately from agent-writable directories\n\n**Failing:** Agent actions logged via `print()` or not logged at all.\n**Passing:** Structured JSONL audit trail with chain hashes, exported to secure storage.\n\n---\n\n## Check ASI-07: Insecure Identity\n\nVerify agents have cryptographic identity, not just string names.\n\n**Failing indicators:**\n- Agent identified by `agent_name = \"my-agent\"` (string only)\n- No authentication between agents\n- Shared credentials across agents\n\n**Passing indicators:**\n- DID-based identity (`did:web:`, `did:key:`)\n- Ed25519 or similar cryptographic signing\n- Per-agent credentials with rotation\n- Identity bound to specific 
capabilities\n\n---\n\n## Check ASI-08: Policy Bypass\n\nVerify policy enforcement is deterministic — not LLM-based.\n\n**What to search for:**\n- Policy evaluation uses deterministic logic (YAML rules, code predicates)\n- No LLM calls in the enforcement path\n- Policy checks cannot be skipped or overridden by the agent\n- Fail-closed behavior (if policy check errors, action is denied)\n\n**Failing:** Agent decides its own permissions via prompt (\"Am I allowed to...?\").\n**Passing:** PolicyEvaluator.evaluate() returns allow/deny in <0.1ms, no LLM involved.\n\n---\n\n## Check ASI-09: Supply Chain Integrity\n\nVerify agent plugins and tools have integrity verification.\n\n**What to search for:**\n- `INTEGRITY.json` or manifest files with SHA-256 hashes\n- Signature verification on plugin installation\n- Dependency pinning (no `@latest`, `>=` without upper bound)\n- SBOM generation\n\n---\n\n## Check ASI-10: Behavioral Anomaly\n\nVerify the system can detect and respond to agent behavioral drift.\n\n**What to search for:**\n- Circuit breakers that trip on repeated failures\n- Trust score decay over time (temporal decay)\n- Kill switch or emergency stop capability\n- Anomaly detection on tool call patterns (frequency, targets, timing)\n\n**Failing:** No mechanism to stop a misbehaving agent automatically.\n**Passing:** Circuit breaker trips after N failures, trust decays without activity, kill switch available.\n\n---\n\n## Compliance Report Format\n\n```markdown\n# OWASP ASI Compliance Report\nGenerated: 2026-04-01\nProject: my-agent-system\n\n## Summary: 7/10 Controls Covered\n\n| Risk | Status | Finding |\n|------|--------|---------|\n| ASI-01 Prompt Injection | PASS | PolicyEngine validates input before tool calls |\n| ASI-02 Insecure Tool Use | PASS | Tool allowlist enforced in governance.py |\n| ASI-03 Excessive Agency | PASS | Execution rings limit capabilities |\n| ASI-04 Unauthorized Escalation | PASS | Ring promotion requires attestation |\n| ASI-05 Trust 
Boundary | FAIL | No identity verification between agents |\n| ASI-06 Insufficient Logging | PASS | AuditChain with SHA-256 chain hashes |\n| ASI-07 Insecure Identity | FAIL | Agents use string names, no crypto identity |\n| ASI-08 Policy Bypass | PASS | Deterministic PolicyEvaluator, no LLM in path |\n| ASI-09 Supply Chain | FAIL | No integrity manifests or plugin signing |\n| ASI-10 Behavioral Anomaly | PASS | Circuit breakers and trust decay active |\n\n## Critical Gaps\n- ASI-05: Add agent identity verification using DIDs or signed tokens\n- ASI-07: Replace string agent names with cryptographic identity\n- ASI-09: Generate INTEGRITY.json manifests for all plugins\n\n## Recommendation\nInstall agent-governance-toolkit for reference implementations of all 10 controls:\npip install agent-governance-toolkit\n```\n\n---\n\n## Quick Assessment Questions\n\nUse these to rapidly assess an agent system:\n\n1. **Does user input pass through validation before reaching any tool?** (ASI-01)\n2. **Is there an explicit list of what tools the agent can call?** (ASI-02)\n3. **Can the agent do anything, or are its capabilities bounded?** (ASI-03)\n4. **Can the agent promote its own privileges?** (ASI-04)\n5. **Do agents verify each other's identity before accepting tasks?** (ASI-05)\n6. **Is every tool call logged with enough detail to replay it?** (ASI-06)\n7. **Does each agent have a unique cryptographic identity?** (ASI-07)\n8. **Is policy enforcement deterministic (not LLM-based)?** (ASI-08)\n9. **Are plugins/tools integrity-verified before use?** (ASI-09)\n10. 
**Is there a circuit breaker or kill switch?** (ASI-10)\n\nIf you answer \"no\" to any of these, that's a gap to address.\n\n---\n\n## Related Resources\n\n- [OWASP Agentic AI Threats](https://owasp.org/www-project-agentic-ai-threats/)\n- [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) — Reference implementation covering 10/10 ASI controls\n- [agent-governance skill](https://github.com/github/awesome-copilot/tree/main/skills/agent-governance) — Governance patterns for agent systems","tags":["agent","owasp","compliance","awesome","copilot","github","agent-skills","agents","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"capabilities":["skill","source-github","skill-agent-owasp-compliance","topic-agent-skills","topic-agents","topic-awesome","topic-custom-agents","topic-github-copilot","topic-hacktoberfest","topic-prompt-engineering"],"categories":["awesome-copilot"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/github/awesome-copilot/agent-owasp-compliance","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add github/awesome-copilot","source_repo":"https://github.com/github/awesome-copilot","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 30743 github stars · SKILL.md body (11,261 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:52:03.112Z","embedding":null,"createdAt":"2026-04-18T20:39:27.436Z","updatedAt":"2026-04-22T00:52:03.112Z","lastSeenAt":"2026-04-22T00:52:03.112Z",
"prices":[{"id":"0f5eff04-e4bd-4d3b-a04a-f135e7ac8487","listingId":"9e8ec650-4c39-4356-9949-8b00aaf6dfb4","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"github","category":"awesome-copilot","install_from":"skills.sh"},"createdAt":"2026-04-18T20:39:27.436Z"}],"sources":[{"listingId":"9e8ec650-4c39-4356-9949-8b00aaf6dfb4","source":"github","sourceId":"github/awesome-copilot/agent-owasp-compliance","sourceUrl":"https://github.com/github/awesome-copilot/tree/main/skills/agent-owasp-compliance","isPrimary":false,"firstSeenAt":"2026-04-18T21:48:06.842Z","lastSeenAt":"2026-04-22T00:52:03.112Z"},{"listingId":"9e8ec650-4c39-4356-9949-8b00aaf6dfb4","source":"skills_sh","sourceId":"github/awesome-copilot/agent-owasp-compliance","sourceUrl":"https://skills.sh/github/awesome-copilot/agent-owasp-compliance","isPrimary":true,"firstSeenAt":"2026-04-18T20:39:27.436Z","lastSeenAt":"2026-04-21T12:53:34.042Z"}],"details":{"listingId":"9e8ec650-4c39-4356-9949-8b00aaf6dfb4","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"github","slug":"agent-owasp-compliance","github":{"repo":"github/awesome-copilot","stars":30743,"topics":["agent-skills","agents","ai","awesome","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"license":"mit","html_url":"https://github.com/github/awesome-copilot","pushed_at":"2026-04-21T22:20:21Z","description":"Community-contributed instructions, agents, skills, and configurations to help you make the most of GitHub 
Copilot.","skill_md_sha":"3c4032dc5e2f69709fbfc040caf5c77dee756136","skill_md_path":"skills/agent-owasp-compliance/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/github/awesome-copilot/tree/main/skills/agent-owasp-compliance"},"layout":"multi","source":"github","category":"awesome-copilot","frontmatter":{"name":"agent-owasp-compliance","description":"Check any AI agent codebase against the OWASP Agentic Security Initiative (ASI) Top 10 risks.\nUse this skill when:\n- Evaluating an agent system's security posture before production deployment\n- Running a compliance check against OWASP ASI 2026 standards\n- Mapping existing security controls to the 10 agentic risks\n- Generating a compliance report for security review or audit\n- Comparing agent framework security features against the standard\n- Any request like \"is my agent OWASP compliant?\", \"check ASI compliance\", or \"agentic security audit\""},"skills_sh_url":"https://skills.sh/github/awesome-copilot/agent-owasp-compliance"},"updatedAt":"2026-04-22T00:52:03.112Z"}}