feat(skills): add aidd-review-agents skill for OWASP Agentic AI Top 10 #171
witstudios wants to merge 6 commits into main from
Systematic agentic AI security review skill with 30 pattern-matched rules covering all 10 OWASP Agentic AI categories (ASI01–ASI10): goal hijack, tool misuse, privilege abuse, supply chain, code execution, memory poisoning, inter-agent comms, cascading failures, trust exploitation, and rogue agents. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…indings Addresses false positive feedback from real-world testing. Adds three safeguards: mandatory file:line citation for every finding, a product context gathering phase before pattern matching, and a verify-or-drop gate that moves unverifiable matches to Open Questions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add missing required sections: When to use, Examples, Edge cases
- Fix title to match peer convention (aidd-review-agents not prose)
- Remove duplicated process instructions from Criteria block
- Add prose constraint and compatibility field
- Add description frontmatter to command file
- Fix README first line to imperative form
- Rephrase step 1 to avoid unnecessary blocking on user input
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add full OWASP Top 10 for Agentic Applications 2026 spec as a references/ doc so the review skill has authoritative source material for all 10 ASI categories. Wire it into the SKILL.md Criteria section. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2692bf9d4b
| @@ -0,0 +1,7 @@ | |||
| # 🛡️ Agentic AI Security Review | |||
Regenerate command index for new /review-agents entry
Adding this new command without updating ai/commands/index.md leaves the command directory index stale, which breaks the documented progressive-discovery flow in AGENTS.md (agents read index files to discover available commands). In practice, /review-agents may be missed by agents/users who rely on the index rather than scanning every file, so this feature is only partially discoverable until indexes are regenerated.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- `aidd-review-agents` skill that reviews agentic AI systems against the OWASP Top 10 for Agentic Applications 2026
- `references/owasp-agentic-top-10.md` with CC BY-SA 4.0 attribution — covers all 10 ASI categories with descriptions, attack scenarios, and prevention guidelines
- `/review-agents` command, cross-references from `/review` and `/please`, and skills index entry
What it does
The skill walks each OWASP Agentic AI Top 10 item (ASI01–ASI10) against the codebase:
The review process: gather product context → inventory agentic components → map trust boundaries → verify each pattern with code evidence → report findings ranked by severity.
Files changed
- `ai/skills/aidd-review-agents/SKILL.md` — skill definition with patterns, constraints, and review process
- `ai/skills/aidd-review-agents/README.md` — usage docs
- `ai/skills/aidd-review-agents/references/owasp-agentic-top-10.md` — full OWASP spec reference
- `ai/commands/review-agents.md` — command shim
- `ai/skills/aidd-please/SKILL.md` — added `/review-agents` to command list
- `ai/skills/aidd-review/SKILL.md` — cross-reference to use `/aidd-review-agents` for agentic code
- `ai/skills/index.md` — added index entry
References
Test plan
- `/review-agents` against a codebase with agentic components and verify it produces evidence-based findings with file:line citations
- `/review` suggests using `/aidd-review-agents` for agentic code
🤖 Generated with Claude Code
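The PR describes a review flow (pattern match, require a file:line citation for every finding, verify each citation against the code, move unverifiable matches to Open Questions, rank what remains by severity). The following is an added illustration of that verify-or-drop gate as a small script; it is not the skill's own code. The `Finding` fields, the two regex rules standing in for the skill's 30 patterns, the severity order and the sample files in `SAMPLE_CODEBASE` are all constructed for this example, and the product-context gathering phase is assumed to have happened before `pattern_match` runs.

```python
"""Verify-or-drop gate for pattern-matched agentic review findings (added example)."""
import re
from dataclasses import dataclass

# Constructed sample "codebase": path -> file contents.
SAMPLE_CODEBASE = {
    "agent/tools.py": (
        "import subprocess\n"
        "\n"
        "def run_shell(cmd: str) -> str:\n"
        "    # executes a model-supplied command string directly\n"
        "    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout\n"
    ),
    "agent/memory.py": (
        "MEMORY = []\n"
        "\n"
        "def remember(text: str) -> None:\n"
        "    MEMORY.append(text)  # tool output stored verbatim, no validation\n"
    ),
}

# Constructed severity order used for ranking (lower sorts first).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    category: str   # OWASP Agentic AI Top 10 id, e.g. "ASI05"
    title: str
    severity: str
    path: str       # mandatory file citation
    line: int       # mandatory line citation
    evidence: str   # text the reviewer claims appears at path:line


def pattern_match(codebase):
    """Pattern-matching phase: two constructed regex rules stand in for the skill's rules."""
    rules = [
        ("ASI05", "shell=True on model-controlled input", "critical", re.compile(r"shell=True")),
        ("ASI06", "tool output written to memory without validation", "high", re.compile(r"MEMORY\.append")),
    ]
    findings = []
    for path, text in codebase.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, title, severity, rx in rules:
                m = rx.search(line)
                if m:
                    findings.append(Finding(category, title, severity, path, lineno, m.group(0)))
    return findings


def verify(finding, codebase):
    """A finding passes only if the cited file and line exist and the line contains the evidence."""
    text = codebase.get(finding.path)
    if text is None:
        return False
    lines = text.splitlines()
    if not 1 <= finding.line <= len(lines):
        return False
    return finding.evidence in lines[finding.line - 1]


def gate(findings, codebase):
    """Verify-or-drop: verified findings ranked by severity, the rest moved to Open Questions."""
    verified = [f for f in findings if verify(f, codebase)]
    open_questions = [f for f in findings if not verify(f, codebase)]
    verified.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.path, f.line))
    return verified, open_questions


def render(verified, open_questions):
    """Render the report as two sections, every finding carrying its file:line citation."""
    out = ["## Findings"]
    for f in verified:
        out.append(f"- [{f.severity.upper()}] {f.category} {f.title} ({f.path}:{f.line})")
    out.append("## Open Questions")
    for f in open_questions:
        out.append(f"- {f.category} {f.title}: could not verify citation {f.path}:{f.line}")
    return "\n".join(out)


if __name__ == "__main__":
    found = pattern_match(SAMPLE_CODEBASE)
    # Constructed stale finding: the citation no longer points at the claimed evidence.
    found.append(Finding("ASI03", "over-privileged credential", "high", "agent/tools.py", 99, "AWS_SECRET"))
    verified, questions = gate(found, SAMPLE_CODEBASE)
    print(render(verified, questions))
```

Running the script prints two verified findings (the `shell=True` call at `agent/tools.py:5` first, then the memory write at `agent/memory.py:4`) and one Open Question for the stale ASI03 citation, which never reaches the Findings section because its cited line does not exist.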