Implementation:OWASP Www project top 10 for large language model applications CandidateTemplate Submit
| Knowledge Sources | OWASP/www-project-top-10-for-large-language-model-applications |
|---|---|
| Domains | Security Standards, Vulnerability Management, Community Governance |
| Last Updated | 2026-02-14 |
Overview
Concrete tool for submitting candidate vulnerability entries to the OWASP Top 10 for LLM Applications, provided by the structured template and fork/PR workflow defined in the Archive/2_0_candidates/ directory.
Description
CandidateTemplate_Submit implements the candidate vulnerability submission process by providing a Markdown template file (_template.md) and a five-step instruction workflow (_instructions.md). The template defines the required sections for a valid candidate entry: Risk/Vuln Name, Author(s), Description, Common Examples of Risk (1 to 3 items), Prevention and Mitigation Strategies (1 to 3 items), Example Attack Scenarios (1 to 2 items), and Reference Links (1 to 2 items). Contributors fork the repository, copy the template, populate the fields, save the file with the naming convention YourName_VulnName.md, and open a Pull Request. The 2.0 cycle yielded 34 candidate submissions from the community using this workflow.
Usage
Import and use this pattern whenever a contributor needs to propose a new vulnerability for inclusion in the OWASP Top 10 for LLM Applications. This is the entry point for the entire vulnerability entry development workflow.
Code Reference
Source Location
- Template: Archive/2_0_candidates/_template.md (Lines 1 through 35)
- Instructions: Archive/2_0_candidates/_instructions.md (Lines 1 through 20)
Signature
CandidateTemplate.submit(
    author: str,
    vuln_name: str,
    description: str,
    examples: list,
    mitigations: list,
    scenarios: list,
    references: list
) -> CandidateEntry
Import
# Step 0: Fork the repository
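# (git has no "fork" subcommand; the GitHub CLI creates the fork and clones it)
gh repo fork OWASP/www-project-top-10-for-large-language-model-applications --clone
cd www-project-top-10-for-large-language-model-applications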
# Step 1: Copy the template
cp Archive/2_0_candidates/_template.md Archive/2_0_candidates/YourName_VulnName.md
I/O Contract
Inputs
| Parameter | Type | Description |
|---|---|---|
| author | str | Name of the author(s) who documented the vulnerability |
| vuln_name | str | Canonical name for the proposed vulnerability risk |
| description | str | Brief description of the risk including potential effects such as system compromises or data breaches |
| examples | list | 1 to 3 common examples that illustrate specific instances of this risk |
| mitigations | list | 1 to 3 prevention and mitigation strategies |
| scenarios | list | 1 to 2 detailed attack scenarios showing how the risk could be exploited |
| references | list | 1 to 2 reference links with outlet names and citation-compliant formatting |
Outputs
| Field | Type | Description |
|---|---|---|
| CandidateEntry | object | A completed vulnerability candidate file saved as YourName_VulnName.md and submitted as a Pull Request |
| CandidateEntry.filename | str | File path following the pattern Archive/2_0_candidates/YourName_VulnName.md |
| CandidateEntry.pr_url | str | URL of the opened Pull Request on the upstream repository |
Usage Examples
Example 1: Submitting a Prompt Injection Candidate
## Risk/Vuln Name: Prompt Injection
**Author(s):**
James Nakayama
### Description
A Prompt Injection vulnerability occurs when user prompts alter the
LLM's behavior or output in unintended ways. These inputs can affect
the model even if they are imperceptible to humans.
### Common Examples of Risk
1. Example 1: Malicious actors craft inputs that misguide the model
to execute unauthorized actions.
2. Example 2: User inputs unstructured text that bypasses preset
restrictions within the LLM's prompts.
3. Example 3: External content containing hidden instructions is
ingested by the LLM through retrieval mechanisms.
### Prevention and Mitigation Strategies
1. Prevention Step 1: Constrain LLM input by enforcing strict
privilege controls on LLM access to backend systems.
2. Prevention Step 2: Add human-in-the-loop confirmation for
privileged operations.
3. Prevention Step 3: Segregate external content from user prompts
by using delimiters and trust boundaries.
### Example Attack Scenarios
Scenario #1: An attacker embeds a hidden instruction in a web page
that the LLM retrieves via RAG, causing it to exfiltrate user data
to an external endpoint.
Scenario #2: A user crafts a prompt that causes the LLM to ignore
its system instructions and reveal its system prompt contents.
### Reference Links
1. [Prompt Injection Attacks](https://arxiv.org/abs/2306.05499): **Arxiv**
2. [OWASP LLM01](https://genai.owasp.org): **OWASP**
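A pre-submission check for an entry like the one above, added here as an example and not taken from the OWASP repository: it verifies the required sections and the item-count ranges listed under Inputs. The function name `lint_candidate`, the item-matching pattern, and the strict reading of the filename convention are assumptions of this example.

```python
import re

# Item-count ranges per section, as stated in the Inputs table.
LIMITS = {"Common Examples of Risk": (1, 3), "Prevention and Mitigation Strategies": (1, 3),
          "Example Attack Scenarios": (1, 2), "Reference Links": (1, 2)}
# An item starts with "1." style numbering or "Scenario #1:"; wrapped lines are not counted.
ITEM = re.compile(r"^\s*(?:\d+\.|Scenario #\d+:)\s+\S")
# Assumption: YourName_VulnName.md means two alphanumeric parts joined by one underscore.
FILENAME = re.compile(r"^[A-Za-z0-9]+_[A-Za-z0-9]+\.md$")

def lint_candidate(filename, text):
    """Return a list of problems; an empty list means the entry is complete."""
    parts = re.split(r"^### (.+)$", text, flags=re.M)  # [head, name1, body1, name2, body2, ...]
    head, sections = parts[0], dict(zip((n.strip() for n in parts[1::2]), parts[2::2]))
    checks = [
        (FILENAME.match(filename), f"filename {filename!r} does not match YourName_VulnName.md"),
        (re.search(r"^## Risk/Vuln Name:[ \t]*\S", head, re.M), "Risk/Vuln Name is missing or empty"),
        (re.search(r"^\*\*Author\(s\):\*\*\s*[^\s#]", head, re.M), "Author(s) is missing or empty"),
        (sections.get("Description", "").strip(), "Description is missing or empty"),
    ]
    problems = [msg for ok, msg in checks if not ok]
    for name, (lo, hi) in LIMITS.items():
        count = sum(1 for line in sections.get(name, "").splitlines() if ITEM.match(line))
        if not lo <= count <= hi:
            problems.append(f"{name}: {count} items, expected {lo} to {hi}")
    return problems

# Constructed sample entry (not a real submission).
GOOD = """## Risk/Vuln Name: Example Risk
**Author(s):**
A. Contributor
### Description
Constructed text.
### Common Examples of Risk
1. Example 1: first
### Prevention and Mitigation Strategies
1. Prevention Step 1: first
   wrapped continuation line
### Example Attack Scenarios
Scenario #1: first
### Reference Links
1. [Title](https://example.org): **Outlet**
"""
# Same entry with four mitigations and the reference section removed.
BAD = GOOD.split("### Reference Links")[0].replace("   wrapped continuation line", "2. b\n3. c\n4. d")

if __name__ == "__main__":
    print(lint_candidate("JSmith_DataExfiltration.md", GOOD), lint_candidate("draft.md", BAD))
```

Running the same check in CI on each Pull Request would reject incomplete or oversized entries before a reviewer has to read them.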
Example 2: Five-Step Workflow
# Step 0: Fork the repository
# (Use GitHub UI to fork OWASP/www-project-top-10-for-large-language-model-applications)
# Step 1: Copy the template
cp Archive/2_0_candidates/_template.md Archive/2_0_candidates/JSmith_DataExfiltration.md
# Step 2: Populate the template with vulnerability information
# (Edit JSmith_DataExfiltration.md with your content)
# Step 3: Save with the naming convention YourName_VulnName.md
# (Already done in Step 1)
# Step 4: Upload to the candidates directory in your fork
git add Archive/2_0_candidates/JSmith_DataExfiltration.md
git commit -m "Add DataExfiltration candidate entry"
git push origin main
# Step 5: Create a Pull Request
gh pr create --title "Candidate: DataExfiltration" --body "New vulnerability candidate submission"