Agent Skills › Eyadkelleh/awesome-skills-security

Eyadkelleh/awesome-skills-security

GitHub

提供全面的LLM安全测试提示词和词表,用于检测偏见、数据泄露、对齐问题及对抗性攻击。适用于AI安全研究、红队演练、偏见评估、隐私审计及教育目的,帮助评估模型的安全性、鲁棒性和伦理边界。

7 skills 328

Install All Skills

npx skills add Eyadkelleh/awesome-skills-security --all -g -y
More Options

List skills in collection

npx skills add Eyadkelleh/awesome-skills-security --list

Skills in Collection (7)

提供全面的LLM安全测试提示词和词表,用于检测偏见、数据泄露、对齐问题及对抗性攻击。适用于AI安全研究、红队演练、偏见评估、隐私审计及教育目的,帮助评估模型的安全性、鲁棒性和伦理边界。
需要评估大语言模型的安全性与鲁棒性 进行AI红队演练或安全审计 检测模型中的偏见或歧视 验证隐私保护与数据防泄露能力 测试模型对对抗性提示的抵抗力
skills/llm-testing/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill llm-testing -g -y
SKILL.md
Frontmatter
{
    "name": "llm-testing",
    "description": "Comprehensive LLM security testing prompts for bias detection, data leakage, alignment testing, and adversarial prompt resistance."
}

LLM Testing Skill

Description

Comprehensive testing prompts and wordlists for evaluating Large Language Model (LLM) security, safety, and robustness. This skill provides curated test cases for bias detection, data leakage prevention, alignment testing, privacy boundaries, and adversarial prompt resistance.

Purpose

This skill is designed for security researchers, AI safety engineers, and red team operators to assess LLM vulnerabilities and ensure models:

  • Maintain ethical boundaries and safety guidelines
  • Avoid data leakage and privacy violations
  • Resist bias and discrimination
  • Prevent adversarial prompt attacks
  • Maintain alignment with intended behavior

Authorized Use Cases

  • AI Safety Research: Testing LLM models for safety and alignment issues
  • Security Auditing: Red team operations for AI/ML systems
  • Bias Detection: Evaluating models for fairness and bias
  • Privacy Testing: Verifying models don't leak training data or PII
  • Educational Purposes: Teaching AI security concepts and vulnerabilities
  • Responsible AI Development: Building more robust and secure LLMs

Test Categories

1. Bias Testing

Test for biases in LLM responses across various dimensions:

Gender Bias (Bias_Testing/gender_bias.txt)

  • Prompts to reveal gender stereotypes and biases
  • Career and role associations
  • Behavioral and capability assumptions
  • Note: Replace [GENDER] placeholder before use

Nationality & Geographic Bias (Bias_Testing/nationality_geographic_bias.txt)

  • Cultural stereotypes and geographic prejudices
  • Regional capability assumptions
  • Note: Replace [COUNTRY], [REGION], [NATIONALITY] placeholders

Race & Ethnicity Bias (Bias_Testing/race_ethnicity_bias.txt)

  • Racial and ethnic stereotypes
  • Discriminatory patterns in responses
  • Note: Replace [SKIN_COLOR] placeholder before use

2. Data Leakage & Privacy Testing

Assess model's handling of sensitive information:

Personal Data Generation (Data_Leakage/personal_data.txt)

  • Tests for PII generation capabilities
  • Verifies privacy boundaries
  • Checks for inadvertent personal information creation

Metadata Leakage (Data_Leakage/metadata.txt)

  • Tests for training data remnants
  • Checks for unintended information disclosure

Memory Recall (Memory_Recall_Testing/session_recall.txt)

  • Session-based memory testing
  • Cross-conversation data retention
  • Note: Replace [COUNTRY], [REGION], [NATIONALITY] placeholders

3. Divergence & Alignment Attacks

Test model alignment and resistance to adversarial prompts:

Escape Alignment Training (Divergence_attack/escape_out_of_allignment_training.txt)

  • Prompts attempting to bypass safety training
  • Tests for alignment robustness
  • Ethical boundary challenges

Pre-training Data Extraction (Divergence_attack/pre-training_data.txt)

  • Attempts to extract training data
  • Tests for memorization vulnerabilities

Usage Instructions

Basic Usage

# Reference the LLM Testing skill
"Use the llm-testing skill to test this model for gender bias"

# Access specific test categories
"Show me prompts from the llm-testing skill for testing data leakage"

# Run comprehensive testing
"Use the llm-testing skill to perform a full security audit of this LLM"

Replacing Placeholders

Before using bias and memory recall tests, replace placeholders:

# Example: Replacing placeholders in gender bias tests
import re

with open('Bias_Testing/gender_bias.txt', 'r') as f:
    prompts = f.read()

# Replace [GENDER] with actual gender terms
test_prompts = []
for gender in ['man', 'woman', 'non-binary person']:
    test_prompts.append(prompts.replace('[GENDER]', gender))

Testing Workflow

  1. Select Test Category: Choose bias, privacy, or alignment tests
  2. Prepare Prompts: Replace placeholders if needed
  3. Execute Tests: Submit prompts to target LLM
  4. Document Results: Record responses and flag issues
  5. Analyze Patterns: Look for systematic problems
  6. Report Findings: Document vulnerabilities responsibly

Best Practices

Ethical Testing Guidelines

  1. Authorization Required: Only test models you own or have permission to test
  2. Responsible Disclosure: Report vulnerabilities through proper channels
  3. No Exploitation: Use findings for improvement, not exploitation
  4. Privacy Protection: Don't share PII discovered during testing
  5. Documentation: Keep detailed records of testing methodology and results

Testing Methodology

  • Baseline Establishment: Test multiple times to establish patterns
  • Controlled Environment: Use isolated testing environments
  • Systematic Approach: Test one category at a time
  • Diverse Scenarios: Use various prompt formulations
  • Cross-Validation: Verify findings with different approaches

Interpreting Results

  • Context Matters: Consider the model's intended use case
  • Statistical Significance: Don't rely on single responses
  • Severity Assessment: Classify findings by impact level
  • False Positives: Verify actual vulnerabilities vs. expected behavior

Security Considerations

Red Team Operations

  • Use these prompts as part of comprehensive AI red teaming
  • Combine with other security testing methodologies
  • Focus on discovering vulnerabilities before adversaries do

Defensive Applications

  • Train models to better resist these attack patterns
  • Build detection systems for adversarial prompts
  • Improve safety alignment and guardrails

File Structure

LLM_Testing/
├── SKILL.md (this file)
├── README.md
├── Bias_Testing/
│   ├── gender_bias.txt
│   ├── nationality_geographic_bias.txt
│   └── race_ethnicity_bias.txt
├── Data_Leakage/
│   ├── personal_data.txt
│   └── metadata.txt
├── Memory_Recall_Testing/
│   └── session_recall.txt
└── Divergence_attack/
    ├── escape_out_of_allignment_training.txt
    └── pre-training_data.txt

Integration with Other Skills

This LLM Testing skill works well with:

  • Security Fuzzing: Use fuzzing techniques alongside prompt testing
  • Security Patterns: Apply pattern matching to detect vulnerabilities
  • Pentest Advisor: Get strategic guidance for comprehensive AI testing

Legal and Ethical Notice

IMPORTANT: These test prompts are designed for authorized security research and responsible AI development only.

Authorized Use:

  • Testing your own AI models and systems
  • Authorized red team operations with written permission
  • AI safety research in academic or corporate settings
  • Educational demonstrations in controlled environments
  • Responsible vulnerability disclosure programs

Prohibited Use:

  • Testing models without authorization
  • Exploiting discovered vulnerabilities
  • Attempting to jailbreak production AI systems
  • Creating harmful content or tools
  • Violating terms of service of AI platforms

Contributing

To add new test cases or categories:

  1. Follow the existing file structure and naming conventions
  2. Include clear documentation for any placeholders
  3. Test prompts for effectiveness and safety
  4. Submit via pull request with detailed description

References

Version

1.0.0

License

MIT License - Use responsibly and ethically for authorized testing only.

Disclaimer

This skill is provided for security research and AI safety improvement. Users are responsible for ensuring they have proper authorization before testing any AI systems. The maintainers are not responsible for misuse of these testing resources.

提供SQL注入、命令注入等安全测试的精选模糊测试载荷。适用于授权渗透测试、漏洞赏金、CTF及教育用途,确保合规使用。
进行SQL注入测试 执行命令注入测试 输入验证测试 LDAP或NoSQL注入测试
skills/security-fuzzing/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-fuzzing -g -y
SKILL.md
Frontmatter
{
    "name": "security-fuzzing",
    "description": "Essential fuzzing payloads: SQL injection, command injection, special characters. Curated essentials for vulnerability testing."
}

SecLists Fuzzing (Curated)

Description

Essential fuzzing payloads: SQL injection, command injection, special characters. Curated essentials for vulnerability testing.

Source: SecLists/Fuzzing Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • SQL injection testing
  • Command injection testing
  • Input validation testing
  • LDAP injection
  • NoSQL injection

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • quick-SQLi.txt - Quick SQL injection tests
  • Generic-SQLi.txt - Generic SQL injection
  • sqli.auth.bypass.txt - Authentication bypass
  • MySQL.fuzzdb.txt - MySQL-specific payloads
  • NoSQL.txt - NoSQL injection payloads
  • command-injection-commix.txt - Command injection

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Fuzzing"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Fuzzing Collection License: MIT - Use responsibly with proper authorization

提供经授权的密码测试列表,包括常见、泄露及最弱密码。用于渗透测试、凭证验证、暴力破解及CTF竞赛等安全评估场景,严禁未授权访问或恶意使用。
需要进行授权密码喷洒测试 执行凭证或密码策略验证 开展授权暴力破解测试 参与CTF竞赛或安全研究
skills/security-passwords/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-passwords -g -y
SKILL.md
Frontmatter
{
    "name": "security-passwords",
    "description": "Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB)."
}

SecLists Passwords (Curated)

Description

Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB).

Source: SecLists/Passwords Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • Password spraying (authorized)
  • Credential testing
  • Password policy validation
  • Brute force testing (authorized)
  • Authentication testing

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • 500-worst-passwords.txt - 500 worst passwords
  • 10k-most-common.txt - 10K common passwords
  • 100k-most-used-passwords-NCSC.txt - 100K passwords
  • darkweb2017_top-10000.txt - 10K from breaches
  • probable-v2_top-12000.txt - 12K probable passwords

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Passwords"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Passwords Collection License: MIT - Use responsibly with proper authorization

提供API密钥、信用卡、邮箱等敏感数据模式,用于安全测试中的数据发现与验证。仅限授权渗透测试、漏洞赏金或CTF等合法场景使用,严禁恶意行为。
代码或日志中的API密钥检测 信用卡格式验证测试 IP地址发现 SSN或电话号码模式测试
skills/security-patterns/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-patterns -g -y
SKILL.md
Frontmatter
{
    "name": "security-patterns",
    "description": "Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation."
}

SecLists Pattern-Matching

Description

Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation.

Source: SecLists/Pattern-Matching Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • API key detection in code/logs
  • Credit card validation testing
  • Email pattern matching
  • IP address discovery
  • SSN format validation
  • Phone number pattern testing

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • api-keys.txt - API key patterns
  • credit-cards.txt - Credit card formats
  • email-addresses.txt - Email patterns
  • ip-addresses.txt - IP address patterns
  • ssn.txt - Social Security Number patterns
  • phone-numbers.txt - Phone number formats

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Pattern-Matching"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Pattern-Matching Collection License: MIT - Use responsibly with proper authorization

提供经筛选的安全测试载荷,用于防病毒检测、文件上传及路径遍历等授权安全测试。仅限渗透测试、漏洞赏金或CTF等合法场景使用,严禁恶意攻击。
需要测试防病毒软件有效性 进行文件上传功能安全测试 验证路径遍历漏洞防护 参与CTF比赛或授权渗透测试
skills/security-payloads/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-payloads -g -y
SKILL.md
Frontmatter
{
    "name": "security-payloads",
    "description": "Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing."
}

SecLists Payloads (Curated)

Description

Essential exploitation payloads: anti-virus test files, file name exploits, malicious files. Curated for testing.

Source: SecLists/Payloads Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • Anti-virus testing
  • File upload testing
  • Path traversal testing
  • Security control validation

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • EICAR test file
  • Null byte file names
  • Command execution file names

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Payloads"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Payloads Collection License: MIT - Use responsibly with proper authorization

提供经筛选的用户名枚举列表,用于授权渗透测试、漏洞赏金及CTF竞赛中的默认凭证测试与用户发现。仅限合法合规场景,严禁未授权访问或恶意活动。
需要进行用户名枚举的授权渗透测试 测试系统默认凭证实用性 参与CTF比赛或安全研究
skills/security-usernames/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-usernames -g -y
SKILL.md
Frontmatter
{
    "name": "security-usernames",
    "description": "Top username lists for enumeration: common usernames, default credentials, names. Curated essentials for authorized testing."
}

SecLists Usernames (Curated)

Description

Top username lists for enumeration: common usernames, default credentials, names. Curated essentials for authorized testing.

Source: SecLists/Usernames Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • Username enumeration (authorized)
  • Default credential testing
  • User discovery
  • Account validation

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • top-usernames-shortlist.txt - Most common usernames
  • cirt-default-usernames.txt - Default system usernames
  • Names/names.txt - Common first/last names

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Usernames"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Usernames Collection License: MIT - Use responsibly with proper authorization

提供多种语言Web shell样本,用于授权的安全检测、IDS/IPS签名测试、恶意软件分析及取证研究。仅限渗透测试、漏洞赏金、CTF及教育用途,严禁非法访问。
Web shell检测测试 安全监控验证 恶意软件分析 IDS/IPS签名测试 取证研究
skills/security-webshells/SKILL.md
npx skills add Eyadkelleh/awesome-skills-security --skill security-webshells -g -y
SKILL.md
Frontmatter
{
    "name": "security-webshells",
    "description": "Web shell samples for detection and analysis: PHP, ASP, ASPX, JSP, Python, Perl shells. Use for security research and detection system testing."
}

SecLists Web-Shells

Description

Web shell samples for detection and analysis: PHP, ASP, ASPX, JSP, Python, Perl shells. Use for security research and detection system testing.

Source: SecLists/Web-Shells Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

  • Web shell detection testing
  • Security monitoring validation
  • Malware analysis
  • IDS/IPS signature testing
  • Forensics research

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • PHP shells - Common PHP web shells
  • ASP/ASPX shells - Microsoft web shells
  • JSP shells - Java server pages shells
  • Python shells - Python-based shells
  • Perl shells - Perl web shells

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Web-Shells"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Web-Shells Collection License: MIT - Use responsibly with proper authorization

Home - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-13 21:21
浙ICP备14020137号-1 $Map of visitor$