Skill UI

This guide provides a structured approach to red-teaming Large Language Models (LLMs) to detect sensitive data leakage from system prompts. It simulates advanced attacks—including prompt injection, instruction override, and encoding tricks—to identify embedded secrets, API keys, and proprietary business logic. Essential for validating adherence to OWASP LLM07 and securing AI applications against data exfiltration.

This skill guides the verification of software build provenance and signatures using industry standards like SLSA and Sigstore. It leverages tools like cosign and slsa-verifier to enforce keyless OIDC identity and confirm that artifacts were built by trusted sources without tampering. It is essential for hardening CI/CD pipelines and securing the entire software supply chain against advanced attacks.