OWASP Agentic Skills Top 10 — Visual Overview
A one-screen map of all ten risks. The diagram shows where each risk attacks the skill lifecycle; the cards below summarise what each risk is and link to full details. Severity is shown by both colour and label, so the page is readable without relying on colour alone.
Prefer text? See the summary table or the practical assessment checklist.
Severity legend: Critical, High, Medium.
Malicious Skills
Skills that look legitimate but hide credential stealers, reverse shells, or prose instructions that hijack the agent.
Read AST01 →
Supply Chain Compromise
Registries without provenance let attackers mass-upload, take over accounts, and poison distribution channels.
Read AST02 →
Over-Privileged Skills
Skills granted far more access than they need — weaponisable by prompt injection into a huge blast radius.
Read AST03 →
Insecure Metadata
Unvalidated, unsigned metadata enables brand impersonation, understated permissions, and poisoned search.
Read AST04 →
Unsafe Deserialization
YAML/JSON/Markdown parsers execute embedded payloads at skill-load time — before any user action.
Read AST05 →
Weak Isolation
Skills run in the agent's full security context — with no sandbox, every skill is a potential full-system compromise.
Read AST06 →
Update Drift
Without pinning or verification, skills silently drift to vulnerable — or freshly malicious — versions.
Read AST07 →
Poor Scanning
Natural-language-plus-code blends defeat signature scanners, so malicious skills pass every automated check.
Read AST08 →
No Governance
No inventory, approval, audit, or revocation — a shadow-AI layer that security teams cannot see or control.
Read AST09 →
Cross-Platform Reuse
Porting skills across platforms drops the source format's security metadata, opening exploitable gaps.
Read AST10 →
Full details
Each risk has a dedicated page with attack scenarios, preventive mitigations, OWASP and MAESTRO mappings, and platform-specific guidance:
| # | Risk | Severity |
|---|------|----------|
| AST01 | Malicious Skills | Critical |
| AST02 | Supply Chain Compromise | Critical |
| AST03 | Over-Privileged Skills | High |
| AST04 | Insecure Metadata | High |
| AST05 | Unsafe Deserialization | High |
| AST06 | Weak Isolation | High |
| AST07 | Update Drift | Medium |
| AST08 | Poor Scanning | Medium |
| AST09 | No Governance | Medium |
| AST10 | Cross-Platform Reuse | Medium |
For the full project overview see the home page; for a hands-on audit use the security checklist.