Skip to content

feat(skills): expand llm_prompt_injection with Model DoS and Excessive AgencyFeat/llm dos excessive agency#743

Open
MujumdarSahil wants to merge 1 commit into
usestrix:mainfrom
MujumdarSahil:feat/llm-dos-excessive-agency
Open

feat(skills): expand llm_prompt_injection with Model DoS and Excessive AgencyFeat/llm dos excessive agency#743
MujumdarSahil wants to merge 1 commit into
usestrix:mainfrom
MujumdarSahil:feat/llm-dos-excessive-agency

Conversation

@MujumdarSahil

Copy link
Copy Markdown

Expand llm_prompt_injection.md: Model DoS + Excessive Agency

Addresses #691 (AI/LLM application testing skills).

Prompt injection, jailbreaks, and unsafe output handling were already
covered by this skill (added in #616). This PR expands the same file
to cover two additional LLM runtime vulnerability classes that share
the confused-deputy testing methodology already established here:

  • Model Denial of Service: context/token exhaustion, recursive tool
    call loops, chat-history state bloating
  • Excessive Agency: missing authorization gates on destructive tool
    actions, privilege mismatch, confused-deputy tool execution

Both additions follow the file's existing structure (Attack Surface →
Key Vulnerabilities → Testing Methodology → Validation → Impact) rather
than introducing a new format, and include concrete testing probes
consistent with the rest of the skill.

Scope note: this does not address #678 (cross-modal/image-based
injection) — that requires genuinely different coverage (payloads
embedded in image pixels, not text metadata) and is left for a
separate PR.

Model theft and training-data poisoning (also part of OWASP LLM Top 10)
are intentionally excluded — they aren't dynamically testable via the
web-facing attack surface Strix operates on, so they don't belong in a
DAST-oriented skill file.

@MujumdarSahil
MujumdarSahil force-pushed the feat/llm-dos-excessive-agency branch from aa95bb1 to f16da6a Compare July 11, 2026 13:21
@MujumdarSahil

Copy link
Copy Markdown
Author

@greptile-apps review

@greptile-apps

greptile-apps Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR expands the LLM prompt injection skill with additional runtime security guidance.

  • Adds Model DoS coverage for context exhaustion, loops, and state bloating.
  • Adds Excessive Agency coverage for destructive tools and authorization gaps.
  • Extends testing, validation, and impact sections for the new cases.

Confidence Score: 5/5

This looks safe to merge.

  • No blocking issues found in the changed code.

Important Files Changed

Filename Overview
strix/skills/vulnerabilities/llm_prompt_injection.md Adds additive guidance for Model DoS and Excessive Agency while preserving the existing skill structure and frontmatter shape.

Reviews (1): Last reviewed commit: "feat(skills): expand llm_prompt_injectio..." | Re-trigger Greptile

@0xallam
0xallam force-pushed the main branch 3 times, most recently from 44e87ca to daf39a2 Compare July 13, 2026 23:50
@0xallam
0xallam force-pushed the feat/llm-dos-excessive-agency branch from f16da6a to 5c8211e Compare July 14, 2026 00:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant