rag-implementation

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill provides defensive strategies and educational examples regarding indirect prompt injection risks in RAG pipelines.
  • Ingestion points: External vector stores and document corpora (SKILL.md, references/failure-modes.md).
  • Boundary markers: Recommends using XML-style tags and explicit system instructions to treat retrieved content as untrusted data (references/failure-modes.md).
  • Capability inventory: No direct dangerous shell or file capabilities are included; the skill guides LLM-based application logic.
  • Sanitization: Recommends indexing-time removal of injection markers and prompt-level fencing.
  • [DATA_EXFILTRATION]: Comprehensive guidance on multi-tenant isolation is provided to prevent cross-tenant data leakage. It includes implementation patterns for Pinecone namespaces, Qdrant filters, and pgvector Row-Level Security.
  • [EXTERNAL_DOWNLOADS]: References official documentation, research papers, and implementation guides from established sources including Anthropic, LlamaIndex, RAGAS, and arXiv.org.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 11:15 AM
Security Audit — agent-trust-hub — rag-implementation