feat(skills): expand llm_prompt_injection with Model DoS and Excessive AgencyFeat/llm dos excessive agency#743
Open
MujumdarSahil wants to merge 1 commit into
Conversation
MujumdarSahil
force-pushed
the
feat/llm-dos-excessive-agency
branch
from
July 11, 2026 13:21
aa95bb1 to
f16da6a
Compare
Author
|
@greptile-apps review |
Contributor
Greptile SummaryThis PR expands the LLM prompt injection skill with additional runtime security guidance.
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (1): Last reviewed commit: "feat(skills): expand llm_prompt_injectio..." | Re-trigger Greptile |
0xallam
force-pushed
the
main
branch
3 times, most recently
from
July 13, 2026 23:50
44e87ca to
daf39a2
Compare
0xallam
force-pushed
the
feat/llm-dos-excessive-agency
branch
from
July 14, 2026 00:00
f16da6a to
5c8211e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Expand llm_prompt_injection.md: Model DoS + Excessive Agency
Addresses #691 (AI/LLM application testing skills).
Prompt injection, jailbreaks, and unsafe output handling were already
covered by this skill (added in #616). This PR expands the same file
to cover two additional LLM runtime vulnerability classes that share
the confused-deputy testing methodology already established here:
call loops, chat-history state bloating
actions, privilege mismatch, confused-deputy tool execution
Both additions follow the file's existing structure (Attack Surface →
Key Vulnerabilities → Testing Methodology → Validation → Impact) rather
than introducing a new format, and include concrete testing probes
consistent with the rest of the skill.
Scope note: this does not address #678 (cross-modal/image-based
injection) — that requires genuinely different coverage (payloads
embedded in image pixels, not text metadata) and is left for a
separate PR.
Model theft and training-data poisoning (also part of OWASP LLM Top 10)
are intentionally excluded — they aren't dynamically testable via the
web-facing attack surface Strix operates on, so they don't belong in a
DAST-oriented skill file.