Security

Browse skills related to Security.

Responsible AI accessibility data review

Security

Turns Microsoft Learn responsible AI modules and accessibility remediation patterns into a checklist for teams shipping generative features that emit images, code, or UI copy. Practitioners verify training-data gaps (for example, stereotypical depictions of disabled users), audit metadata labels on inclusive datasets, document human-in-the-loop fixes, and align with published principles that people remain accountable for AI outcomes. The skill references learn.microsoft.com training on responsible AI practices and real-world corrections, such as purchasing supplemental multimodal data when model outputs misrepresent blind users, while still requiring the metadata-layer bias reviews emphasized by ML fairness practitioners.

OWASP GenAI LLM Top 10 (v1.1) threat review checklist

Security

Maps the authoritative OWASP "Top 10 for Large Language Model Applications" (version 1.1) taxonomy, LLM01 Prompt Injection through LLM10 Model Theft, into an actionable readiness checklist for architects red-teaming Retrieval-Augmented Generation, agents, plugins, training pipelines, or hosted inference gateways. The official project pages summarize each risk bucket: prompt injection that bypasses safeguards, unchecked outputs that enable downstream exploits, poisoned corpora that distort reasoning, abusive workloads that starve capacity, brittle supply-chain dependencies, sensitive data resurfacing inside generations, excessively privileged plugins, agents, or autonomy, misplaced trust producing compliance failures, and loss of proprietary model weights through API abuse. The skill pairs each category with tangible controls (policy, monitoring, toolchain limits) anchored to genai.owasp.org releases rather than anecdotes.

Security review for AI-generated code

Security

Reviews AI-generated code for security failure modes that AI assistants commonly miss: prompt injection risks, credential exposure, dependency vulnerabilities, insecure deserialization, and access control gaps. This skill catches what agents miss when they optimize for functionality over safety, especially in code that handles user input, authentication, or external data.