AI Security Auditor is a skill published by agensi that evaluates AI agent configurations, prompt templates, and MCP tool integrations for security vulnerabilities. It applies the 2025 OWASP Top 10 for LLM Applications as its auditing framework, surfacing issues that standard code linters do not cover.
The skill performs four distinct classes of analysis. Injection detection scans prompts for direct and indirect injection vectors, including second-order threats originating from RAG pipelines or tool outputs. Permission boundary auditing reviews MCP server and tool definitions to flag overly permissive access to filesystems, networks, or databases. Data leakage prevention scans system prompts and conversation logs for PII, secrets, and hardcoded credentials. Agency assessment identifies Excessive Agency risks by checking whether high-impact actions have human-in-the-loop gates in place.
Findings are delivered as a structured audit report with prioritized remediations mapped to specific lines of code, making results actionable rather than advisory. The skill is described as compatible with agent frameworks and MCP setups, and its output is designed to support security reviews and compliance documentation.
This skill is appropriate when moving AI agents from a development sandbox toward production and needing a systematic security checkpoint. It is not a runtime firewall or a general-purpose static analysis tool — it focuses specifically on the LLM agent security surface.