You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for contributing 5 new OWASP ASI detection skills (ASI04–ASI09)! The skill content quality is good and aligns well with the existing SKILL.md format.
⚠️ Required Fix: Skills Not Registered in _DETECTION_SKILLS
The 5 new skills added in this PR are not registered in agent-scan/core/agent.py — which means they will not be executed during agent scans.
Please update _DETECTION_SKILLS in agent-scan/core/agent.py to include the new skills:
_DETECTION_SKILLS: List[str] = [
"data-leakage-detection",
"tool-abuse-detection",
"indirect-injection-detection",
"authorization-bypass-detection",
# Add the new skills:"agentic-supply-chain-detection",
"unexpected-code-execution-detection",
"inter-agent-comm-security-detection",
"cascading-failure-detection",
"human-agent-trust-exploit-detection",
]
Reference: PR #429 by @DevamShah is a good example — it correctly adds both the SKILL.md file and the registration in agent.py simultaneously.
Minor Notes
cascading-failure-detection maps to ASI08 and human-agent-trust-exploit-detection maps to ASI09 — consider also updating agent-scan/prompt/skills/owasp-asi/SKILL.md to add the mapping entries for these new skills (similar to what PR feat(agent-scan): add memory/RAG poisoning detection skill #429 did for memory-rag-poisoning-detection).
The skill content itself looks solid — good test probe variety and clear Vulnerable/Safe judgment criteria.
Please address the agent.py registration issue and we can move forward with merge. 🙏
I’ve updated agent-scan/core/agent.py to register the new detection skills in _DETECTION_SKILLS, and also added the missing mappings in SKILL.md.
The PR has been updated accordingly. Please take another look.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
trust exploits
Changes
agent-scan/prompt/skills/agentic-supply-chain-detection/SKILL.mdagent-scan/prompt/skills/unexpected-code-execution-detection/SKILL.mdagent-scan/prompt/skills/inter-agent-comm-security-detection/SKILL.mdagent-scan/prompt/skills/cascading-failure-detection/SKILL.mdagent-scan/prompt/skills/human-agent-trust-exploit-detection/SKILL.md