Injection: LLM Excessive Agency

Identifier: llm_excessive_agency

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

LLM Excessive Agency occurs when a language model is given too much freedom to decide what to do and how to do it, rather than following clear instructions. This extra autonomy can lead to unexpected and potentially harmful behavior, such as producing biased or misleading outputs, leaking private data, or even compromising security. Developers may let these tools operate with too little oversight on the assumption that they only generate content, but that extra decision-making power quickly becomes a risk if it is not properly managed.
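One way to restore the oversight described above is to gate every model-proposed action before it runs. The following is an added example, not part of the scanner or its documentation; the tool names, the policy table and the `authorize_tool_call` helper are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ToolPolicy:
    side_effects: bool       # True if the tool changes state outside the model
    allowed_args: frozenset  # argument names the model is allowed to supply

# Hypothetical allow-list: anything not listed here can never be invoked.
POLICIES = {
    "search_docs": ToolPolicy(False, frozenset({"query"})),
    "send_email": ToolPolicy(True, frozenset({"to", "subject", "body"})),
}

@dataclass
class Decision:
    allowed: bool
    reason: str

def authorize_tool_call(call: dict, approved_by_human: bool = False) -> Decision:
    """Decide whether a tool call proposed by the model may be executed."""
    name = call.get("tool")
    args = call.get("args", {})
    policy = POLICIES.get(name)
    if policy is None:
        return Decision(False, f"tool {name!r} is not on the allow-list")
    if not isinstance(args, dict):
        return Decision(False, "arguments must be an object")
    extra = set(args) - policy.allowed_args
    if extra:
        return Decision(False, f"unexpected arguments: {sorted(extra)}")
    if policy.side_effects and not approved_by_human:
        return Decision(False, "state-changing tool requires human approval")
    return Decision(True, "ok")

# Constructed sample of calls a model might propose (not real traffic).
SAMPLE_CALLS = [
    {"tool": "search_docs", "args": {"query": "refund policy"}},
    {"tool": "send_email", "args": {"to": "a@example.com", "subject": "hi", "body": "..."}},
    {"tool": "delete_user", "args": {"id": 7}},
    {"tool": "search_docs", "args": {"query": "x", "index": "hr_private"}},
]

if __name__ == "__main__":
    for proposed in SAMPLE_CALLS:
        decision = authorize_tool_call(proposed)
        print(proposed["tool"], decision.allowed, decision.reason)
```

The gate denies by default: read-only tools run with validated arguments, state-changing tools wait for a human, and unknown tools or unexpected arguments are rejected with a reason that can be logged.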

References:

Configuration

Example

Example configuration:

---
security_tests:
  llm_excessive_agency:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.