How we got here
When OWASP Top 10:2021 was released, LLMs were not a thing, and it took us a while to create a Dradis methodology for the 2021 edition. The process was fairly manual: collecting the information from the OWASP site and formatting it using Dradis to prepare the methodology template. Nevertheless, we did it, and it has been shipping with Dradis Community Edition for the last few years.
In Nov 2025, OWASP released the OWASP Top 10:2025 edition, so it was time to update our templates. However, before starting the process there was a bit of a moment: could this be automated? It turns out it could.
I started a new Claude session, uploaded the Top 10:2021 edition as a sample and prompted:
I have the attached document that formats the OWASP Top 10 list from 2021 into a specific XML format that can be used by the Dradis Framework tool. I want you to generate an equivalent XML for the OWASP Top 10 list from 2025, using exclusively the content from: OWASP Top 10:2025 and following the same convention as the original file.
Parse these pages only:
A01 Broken Access Control - OWASP Top 10:2025
A02 Security Misconfiguration - OWASP Top 10:2025
A03 Software Supply Chain Failures - OWASP Top 10:2025
A04 Cryptographic Failures - OWASP Top 10:2025
A05 Injection - OWASP Top 10:2025
A06 Insecure Design - OWASP Top 10:2025
A07 Authentication Failures - OWASP Top 10:2025
A08 Software or Data Integrity Failures - OWASP Top 10:2025
A09 Security Logging and Alerting Failures - OWASP Top 10:2025
A10 Mishandling of Exceptional Conditions - OWASP Top 10:2025
To avoid running into file size or content issues, split this in 10 tasks, fetch each item independently and once you have them all formatted in the right XML structure, compile the final XML file.
It one-shotted the right output, Textile formatting and everything. You can check it out in our templates and methodologies page. You can also see it in action in the CE Sandbox.
Once you think about it, it is not surprising that the LLM was able to handle the task, but the real unlock was to realise that we could probably use a similar process to get to other methodology templates that we’ve been wanting to provide but haven’t found the time to do so yet.
First, let’s create a Project
Our original idea was to create a new project, and provide a generalised version of the prompt above, along with some sample files as Instructions for the project. That could definitely work, and it’s a good way to make this compatible across models.
However, we were about to do this when we realised we could unlock this not just for ourselves, but for everyone in the community.
Enter the /methodology skill
If you’re not familiar with Claude, there is a bit of a terminology soup that is worth describing:
- Project: A workspace for organizing conversations.
- Skill: Instructions that teach Claude how to do something.
- Plugin: A sharable package that can contain skills, commands, agents, hooks, and MCP server configs.
So one way to skin this cat would have been to create a Project, provide the right Instructions, and use it every time we wanted to create a new template:
Hey Claude, I want to create the 'OWASP Top 10 for LLM Applications 2025…
This would have worked internally and would have saved us many hours of manually processing and formatting.
But we quickly realised that we could open this up (that’s why people choose Dradis after all), and let others create their own methodologies using the same process.
To do that, we’d have to encapsulate the knowledge on how to build a Dradis methodology into a Skill, and package it into a Plugin.
Enter dradis/dradis-claude:
A repo holding the methodology skill (more to come) that you can use from today to generate your own methodology templates for Dradis (both editions).
- Run Claude Code, start a new session and drop to the CLI, then run:
  /plugin
- Select Marketplaces and hit [Enter]. Type:
  dradis/dradis-claude
- You’ll see the dradis-core plugin and will be given the option to install it. Select it with [Space] and hit [Enter].
- Choose the right scope, e.g. local scope (any would do).
It installs correctly, but a weird quirk I encountered is that I had to restart the Claude app in order for the /methodology skill to be available. After that, we’re golden:
Congrats, you can now use the /methodology skill to create your own Dradis testing methodologies. Turn your existing methodology documents (Word, PDF, markdown) and checklists into a template you and your team can use and keep up to date.
OWASP Top 10 for LLM Applications 2025
So let’s put this to use and see it in action to generate a new Dradis methodology for the OWASP Top 10 for LLM Applications 2025.
The obvious first attempt unfortunately didn’t fly. I tried running:
/methodology https://genai.owasp.org/llm-top-10/
But Claude ran into issues fetching the pages.
So I tried providing each of the pages:
/methodology https://genai.owasp.org/llmrisk/llm01-prompt-injection/
https://genai.owasp.org/llmrisk/llm022025-sensitive-information-disclosure/
https://genai.owasp.org/llmrisk/llm032025-supply-chain/
https://genai.owasp.org/llmrisk/llm042025-data-and-model-poisoning/
https://genai.owasp.org/llmrisk/llm052025-improper-output-handling/
https://genai.owasp.org/llmrisk/llm062025-excessive-agency/
https://genai.owasp.org/llmrisk/llm072025-system-prompt-leakage/
https://genai.owasp.org/llmrisk/llm082025-vector-and-embedding-weaknesses/
https://genai.owasp.org/llmrisk/llm092025-misinformation/
https://genai.owasp.org/llmrisk/llm102025-unbounded-consumption/
Success! That did the trick, the file was created, and it could be used in Dradis right away:
The new methodology is available for you to use from dradis/dradis-templates:





