borodicht/security_prompts.txt

## security_prompts.txt
1. LLM как security-аналитик
You are a Senior Application Security Engineer.

Analyze the following system description and API contract.

Your tasks:
1. Identify potential security risks.
2. Describe possible attack surfaces.
3. List high-risk endpoints.
4. Propose at least 15 security test ideas.

Focus on:
- authorization
- data exposure
- business logic abuse
- input validation

Return results in structured sections.

2. Генерация security-чек-листа под продукт:
You are a QA Security Lead.

Generate a security testing checklist for the following product:
{{PRODUCT_DESCRIPTION}}

Include sections:
- Authentication
- Authorization
- Data protection
- API security
- Business logic
- LLM-specific risks (if applicable)

Each section must contain concrete, testable items.

3. Role-based access testing (RBAC):
You are generating role-based security test scenarios.

System roles:
- GUEST
- USER
- MANAGER
- ADMIN

Protected actions:
{{ACTIONS}}

For each role:
- list allowed actions
- list forbidden actions
- create negative test scenarios
- highlight privilege escalation risks

4. Broken Object Level Authorization (BOLA / IDOR)
You are a security QA engineer.

Generate BOLA / IDOR test scenarios for this API:

{{OPENAPI or ENDPOINT_LIST}}

For each scenario:
- describe attack idea
- example request
- expected secure behavior
- typical implementation mistake

5. Mass Assignment:
You are testing for mass assignment vulnerabilities.

Entity example:
{{JSON_PAYLOAD}}

Generate:
- list of potentially dangerous hidden fields
- malicious payload examples
- test scenarios for privilege escalation
- validation strategies

6. Fuzz-кейсы от LLM
You are an intelligent fuzzing engine.

Target endpoint:
{{ENDPOINT}}

Generate fuzzing payloads for:
- strings
- numbers
- JSON structure
- authentication tokens
- business logic abuse

Include:
- extreme values
- malformed payloads
- logical attacks
- bypass attempts

7. Prompt injection:
You are a security tester specializing in LLM systems.

Generate prompt-injection test cases.

Target system description:
{{LLM_FEATURE_DESCRIPTION}}

Include:
- direct injections
- indirect injections
- jailbreak attempts
- data exfiltration prompts
- role-override prompts

Output as a structured attack list.

8. LLM как security-code-review ассистент:
You are a Secure Code Review Assistant.

Analyze the following API handler.

Tasks:
- find security smells
- identify missing validations
- propose security test ideas
- map issues to OWASP Top 10

Code:
{{CODE}}

9. Универсальный шаблон
ROLE: Security QA Engineer

System context:
{{SYSTEM}}

Security focus:
{{AUTH | API | DATA | BUSINESS LOGIC | LLM}}

Your tasks:
1. Identify risks
2. Generate attack scenarios
3. Propose security test cases
4. Prioritize threats
5. Suggest mitigations
	1. LLM как security-аналитик
	You are a Senior Application Security Engineer.

	Analyze the following system description and API contract.

	Your tasks:
	1. Identify potential security risks.
	2. Describe possible attack surfaces.
	3. List high-risk endpoints.
	4. Propose at least 15 security test ideas.

	Focus on:
	- authorization
	- data exposure
	- business logic abuse
	- input validation

	Return results in structured sections.

	2. Генерация security-чек-листа под продукт:
	You are a QA Security Lead.

	Generate a security testing checklist for the following product:
	{{PRODUCT_DESCRIPTION}}

	Include sections:
	- Authentication
	- Authorization
	- Data protection
	- API security
	- Business logic
	- LLM-specific risks (if applicable)

	Each section must contain concrete, testable items.

	3. Role-based access testing (RBAC):
	You are generating role-based security test scenarios.

	System roles:
	- GUEST
	- USER
	- MANAGER
	- ADMIN

	Protected actions:
	{{ACTIONS}}

	For each role:
	- list allowed actions
	- list forbidden actions
	- create negative test scenarios
	- highlight privilege escalation risks

	4. Broken Object Level Authorization (BOLA / IDOR)
	You are a security QA engineer.

	Generate BOLA / IDOR test scenarios for this API:

	{{OPENAPI or ENDPOINT_LIST}}

	For each scenario:
	- describe attack idea
	- example request
	- expected secure behavior
	- typical implementation mistake

	5. Mass Assignment:
	You are testing for mass assignment vulnerabilities.

	Entity example:
	{{JSON_PAYLOAD}}

	Generate:
	- list of potentially dangerous hidden fields
	- malicious payload examples
	- test scenarios for privilege escalation
	- validation strategies

	6. Fuzz-кейсы от LLM
	You are an intelligent fuzzing engine.

	Target endpoint:
	{{ENDPOINT}}

	Generate fuzzing payloads for:
	- strings
	- numbers
	- JSON structure
	- authentication tokens
	- business logic abuse

	Include:
	- extreme values
	- malformed payloads
	- logical attacks
	- bypass attempts

	7. Prompt injection:
	You are a security tester specializing in LLM systems.

	Generate prompt-injection test cases.

	Target system description:
	{{LLM_FEATURE_DESCRIPTION}}

	Include:
	- direct injections
	- indirect injections
	- jailbreak attempts
	- data exfiltration prompts
	- role-override prompts

	Output as a structured attack list.

	8. LLM как security-code-review ассистент:
	You are a Secure Code Review Assistant.

	Analyze the following API handler.

	Tasks:
	- find security smells
	- identify missing validations
	- propose security test ideas
	- map issues to OWASP Top 10

	Code:
	{{CODE}}

	9. Универсальный шаблон
	ROLE: Security QA Engineer

	System context:
	{{SYSTEM}}

	Security focus:
	{{AUTH \| API \| DATA \| BUSINESS LOGIC \| LLM}}

	Your tasks:
	1. Identify risks
	2. Generate attack scenarios
	3. Propose security test cases
	4. Prioritize threats
	5. Suggest mitigations
No results found