rag-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an architecture for Retrieval-Augmented Generation (RAG) that possesses an inherent surface for indirect prompt injection. Malicious instructions placed within documents in the source directory could be retrieved and included in the LLM's prompt, potentially causing the model to deviate from its intended behavior.
- Ingestion points: The
DirectoryLoaderfunction inSKILL.mdloads all text files from the./docsdirectory to be used as context. - Boundary markers: The prompt templates use simple text headers (e.g., 'Context:', 'Question:') to delineate the retrieved data, which do not provide robust protection against instructions contained within that data.
- Capability inventory: The skill leverages the
OpenAILLM andRetrievalQAchains, which execute natural language instructions based on the provided context. - Sanitization: The provided implementation does not include any sanitization, filtering, or validation steps for the document content before it is processed by the model.
Audit Metadata