rag-implementation
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides defensive strategies and educational examples regarding indirect prompt injection risks in RAG pipelines.
- Ingestion points: External vector stores and document corpora (SKILL.md, references/failure-modes.md).
- Boundary markers: Recommends using XML-style tags and explicit system instructions to treat retrieved content as untrusted data (references/failure-modes.md).
- Capability inventory: No direct dangerous shell or file capabilities are included; the skill guides LLM-based application logic.
- Sanitization: Recommends indexing-time removal of injection markers and prompt-level fencing.
- [DATA_EXFILTRATION]: Comprehensive guidance on multi-tenant isolation is provided to prevent cross-tenant data leakage. It includes implementation patterns for Pinecone namespaces, Qdrant filters, and pgvector Row-Level Security.
- [EXTERNAL_DOWNLOADS]: References official documentation, research papers, and implementation guides from established sources including Anthropic, LlamaIndex, RAGAS, and arXiv.org.
Audit Metadata