OWASP ASI Top 10 Coverage
The OWASP Top 10 for Agentic Applications is the industry benchmark for securing autonomous AI agents. Here is how SecureSkill's multi-layer scan pipeline maps to each category.
Agent Goal Hijack
Attacker alters an agent's objectives or decision path through malicious text content.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
AI semantic analysis examines every instruction surface - skill manifests, documentation, code comments, template files - for directives that redirect agent objectives, inject competing goals, or override intended behavior. Pattern matching rules detect known prompt injection signatures. The deobfuscation engine strips Unicode tricks (homoglyphs, zero-width characters, BiDi overrides) that could hide hijack instructions from downstream layers.
Tool Misuse and Exploitation
Agent calls legitimate tools unsafely due to ambiguous prompts or manipulated inputs.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
AI semantic analysis compares a skill's declared purpose against its actual capabilities across every file. A "code formatter" that reads credentials or makes network calls is flagged as scope mismatch. AST-level analysis detects aliased dangerous function calls and indirect invocations that bypass text-based matching. Scripts with any network calls receive a minimum risk score of 4.
Identity and Privilege Abuse
Privileges are unintentionally reused, escalated, or passed across agents.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
Credential detection scans every file with detectors covering AWS, GCP, Azure, GitHub, and hundreds more services. Pattern matching rules detect credential caching patterns - skills that write tokens, keys, or session material to persistent storage for later reuse. AI semantic analysis identifies excessive permission requests and privilege escalation via agent type overrides. AST-level dataflow tracing follows credential reads from source to network sink.
SecureSkill is a pre-installation scanner. Runtime privilege escalation, credential caching during execution, and confused deputy attacks require runtime monitoring.
Agentic Supply Chain Vulnerabilities
Compromised components can alter agent behavior or expose data.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
Pattern matching rules detect known malicious package patterns and remote script execution. Real-time threat intelligence checks extracted URLs, domains, and file hashes against active threat feeds. Vulnerability database queries identify known-compromised npm and PyPI dependencies by cross-referencing CVE and advisory databases. Credential detection catches embedded secrets from compromised publishers. AI semantic analysis evaluates publisher metadata for suspicious indicators.
Unexpected Code Execution
Agents generate or run code or commands unsafely.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
Every script and hook handler is analyzed. AI semantic analysis identifies eval(), exec(), base64 decode chains, dynamic imports, and shell injection. Pattern matching rules flag known malicious execution signatures. AST-level analysis performs structure-aware detection of eval injection and dangerous imports, catching patterns like aliased exec calls and indirect invocations that text-based matching misses.
Memory and Context Poisoning
Attackers poison memory to influence future decisions or behavior.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
AI semantic analysis detects instructions to seed memory files, workspace configurations, and persistent context that survives across sessions. Promotion of content to persistent agent config files is flagged - transparent, purpose-matched promotion is scored lower, while hidden instruction promotion is flagged as critical. Pattern matching rules detect context-poisoning and workspace-poisoning signatures.
Insecure Inter-Agent Communication
Communication lacks authentication, encryption, or semantic validation.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
AI semantic analysis examines usage of inter-agent and inter-session messaging interfaces, distinguishing legitimate communication from data exfiltration or instruction injection across sessions. Cross-platform messaging exfiltration patterns are detected when skills abuse messaging APIs as covert data channels.
Cascading Failures
A single fault or malicious event propagates across interlinked agents, amplifying harm.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
Dependency scanning identifies compromised upstream packages that could cascade through a skill's dependency tree. AI semantic analysis detects skills that spawn sub-agents beyond declared purpose or perform unbounded operations that could amplify failures. Pattern matching rules flag excessive subprocess spawning and resource abuse patterns.
Cascading failures are fundamentally a runtime, multi-agent phenomenon. SecureSkill detects pre-installation conditions that lead to cascading failures - compromised dependencies, unbounded spawning, and unscoped delegation chains - but runtime failure propagation requires runtime monitoring.
Human-Agent Trust Exploitation
Attackers exploit user over-trust in agent outputs through deception or manipulation.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
Dedicated detection rules target social engineering patterns: fake error messages, simulated approval dialogs, approval fatigue induction, technical jargon masking dangerous operations, output suppression, phishing link injection, urgency exploitation, and authority impersonation. AI semantic analysis detects instructions that cause the agent to generate emotionally manipulative outputs, produce deceptive justifications for dangerous actions, or suppress security warnings.
SecureSkill scans skill packages pre-installation, not agent outputs at runtime. Full ASI-09 coverage requires runtime output monitoring for deceptive agent responses.
Rogue Agents
Compromised or malicious agents deviate from intended goals while appearing legitimate.
Attack Categories
Pipeline Layers
How SecureSkill Detects It
AI semantic analysis detects conditional activation logic (time-based triggers, counter-based activation, sleeper patterns), gradual objective deviation, and instructions to promote hidden content to persistent agent config files. Autonomous skill mutation - skills that modify their own code or instructions - is flagged. Cross-session abuse patterns catch skills that persist harmful behavior across sessions.
SecureSkill provides coverage across all 10 OWASP ASI Top 10 categories through its multi-layer analysis pipeline: AI semantic analysis across 20+ purpose-built attack categories, comprehensive pattern matching rules, AST-level code analysis, dependency vulnerability scanning, real-time threat intelligence, credential detection, and Unicode deobfuscation.