Files
Anthropic-Cybersecurity-Skills/skills/defending-llms-with-guardrails/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

70 lines
3.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# API and Command Reference
## LLM Guard
### Pipeline functions
| Function | Signature | Returns |
|----------|-----------|---------|
| `scan_prompt` | `scan_prompt(scanners, prompt)` | `(sanitized_prompt, results_valid: dict, results_score: dict)` |
| `scan_output` | `scan_output(scanners, prompt, output)` | `(sanitized_output, results_valid: dict, results_score: dict)` |
### Input scanners (15)
`Anonymize`, `BanCode`, `BanCompetitors`, `BanSubstrings`, `BanTopics`, `Code`, `Gibberish`, `InvisibleText`, `Language`, `PromptInjection`, `Regex`, `Secrets`, `Sentiment`, `TokenLimit`, `Toxicity`
### Output scanners (20)
`BanCode`, `BanCompetitors`, `BanSubstrings`, `BanTopics`, `Bias`, `Code`, `Deanonymize`, `JSON`, `Language`, `LanguageSame`, `MaliciousURLs`, `NoRefusal`, `ReadingTime`, `FactualConsistency`, `Gibberish`, `Regex`, `Relevance`, `Sensitive`, `Sentiment`, `Toxicity`, `URLReachability`
### Common scanner parameters
| Scanner | Key params |
|---------|-----------|
| `PromptInjection` | `threshold=0.5`, `match_type=MatchType.FULL\|SENTENCE` |
| `Toxicity` | `threshold=0.5` |
| `Secrets` | `redact_mode="all"\|"partial"\|"hash"` |
| `Anonymize` | `vault`, `entity_types`, `hidden_names` |
| `Sensitive` | `entity_types`, `redact=True` |
| `TokenLimit` | `limit=4096`, `encoding_name="cl100k_base"` |
## Llama Guard 3 (transformers)
| Operation | Call |
|-----------|------|
| Load tokenizer | `AutoTokenizer.from_pretrained("meta-llama/Llama-Guard-3-8B")` |
| Load model | `AutoModelForCausalLM.from_pretrained(model_id, torch_dtype=torch.bfloat16, device_map="auto")` |
| Build prompt | `tokenizer.apply_chat_template(chat, return_tensors="pt")` |
| Classify | `model.generate(input_ids=..., max_new_tokens=100, pad_token_id=0)` |
| Output | `safe` OR `unsafe\nS<n>` where S1S14 are MLCommons categories |
Role of last message determines mode: last turn `user` = prompt classification; last turn `assistant` = response classification.
## NeMo Guardrails
### Config structure
```
config/
config.yml # models, rails, prompts
*.co # Colang flows (dialog/input/output rails)
actions.py # optional custom Python actions
```
### config.yml key sections
| Section | Purpose |
|---------|---------|
| `models:` | list of `{type, engine, model}`; `type: main` is the app LLM, `type: content_safety` for Llama Guard |
| `rails.input.flows` | input-stage flows e.g. `self check input`, `content safety check input $model=content_safety` |
| `rails.output.flows` | output-stage flows e.g. `self check output` |
| `prompts:` | task templates (`self_check_input`, `self_check_output`) |
### Python API
| Call | Purpose |
|------|---------|
| `RailsConfig.from_path("./config")` | Load configuration |
| `LLMRails(config)` | Instantiate rails engine |
| `rails.generate(messages=[...])` | Run input rails → LLM → output rails |
| `rails.generate_async(...)` | Async variant |
### CLI
| Command | Purpose |
|---------|---------|
| `nemoguardrails chat --config=./config` | Interactive chat with rails applied |
| `nemoguardrails server --config=./config` | Start REST server |