Add Anthropic SDK code sample demonstrating ASI03 privilege escalation#803
Open
DanielMendozaC wants to merge 1 commit into
Open
Add Anthropic SDK code sample demonstrating ASI03 privilege escalation#803DanielMendozaC wants to merge 1 commit into
DanielMendozaC wants to merge 1 commit into
Conversation
DanielMendozaC
requested review from
guerilla7,
hoeg and
itskerenkatz
as code owners
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Anthropic SDK code sample demonstrating ASI03 privilege escalation
Key Changes:
Added:
insecure_agent.py- Over privileged file management agentREADME.md- Vulnerability writeup, OWASP mapping, attack walkthrough, mitigationsDockerfile,requirements.txt,.env.exampledata/- Test files including one with embedded prompt injectionWhat this adds
New code sample under
agentic_top_ten/frameworks/anthropic/privilege_escalation/demonstrating ASI03: Identity & Privilege Abuse.The example is a file management agent built with the Anthropic Python SDK. It has deliberate security flaws: over privileged tools, no authorization checks, no input sanitization, and no audit logging. A prompt injection embedded in a data file tricks the agent into deleting files it should not touch.
Files
insecure_agent.py- The vulnerable agent (~200 lines)README.md- Vulnerability writeup with OWASP ASI03 and LLM Top 10 mapping, attack walkthrough, and mitigationsDockerfile- Run locally with Dockerrequirements.txt- Python dependenciesdata/- Test files including the poisoned reportWhy
The
agentic_top_ten/frameworks/section currently has two examples (pydantic, mastra), both covering the same vulnerability. This adds a third framework (Anthropic SDK) covering a different risk category (ASI03). It also includes a Dockerfile as required by CONTRIBUTING.md.Tested
Ran the agent locally. The prompt injection in
report_q3.txtsuccessfully triggers unauthorized file deletions, confirming the vulnerability works as documented.