ai-llm-security-reviewlisted

# AI and LLM security review Use this skill for AI applications, agents, RAG systems, model gateways, prompt chains, evals, and LLM governance. ## Review workflow 1. Inventory the AI system: model/provider, prompts, tools, RAG sources, memory, logs, user roles, secrets, data classes, and downstream actions. 2. Threat model trust boundaries: - user input to prompt - retrieved content to model - model output to tools - tool output to user - logs/traces to operators 3. Test high-risk paths: - direct and indirect prompt injection - data exfiltration from RAG or memory - insecure tool invocation - overbroad agent permissions - jailbreaks that change policy or role - model/provider key leakage - training/eval data contamination 4. Recommend controls: - least-privilege tool scopes - allowlisted tool schemas and argument validation - retrieval filtering and source attribution - secret redaction before prompts/logs - output validation before side effects - human approval for destructive or external actions - continuous evals and regression prompts ## Deliverables Return findings as: | Risk | Attack path | Impact | Evidence | Control | Test to keep fixed | | --- | --- | --- | --- | --- | --- | When the task involves current AI regulation or sector obligations, verify against current official sources before making definitive claims.