Knowledge Retrieval (RAG)
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The Python implementation pattern for RAG is vulnerable to indirect prompt injection, where malicious instructions in retrieved documents could override system behavior.
- Ingestion points: Data is ingested via vector_db.similarity_search and combined with user queries in SKILL.md.
- Boundary markers: The prompt uses minimal delimiters (natural language labels such as 'Context:' and 'Question:'), which are easily bypassed by adversarial content within retrieved documents.
- Capability inventory: The skill uses llm.generate to produce output based on the contaminated prompt, which influences the agent's internal reasoning and final response.
- Sanitization: No sanitization, escaping, or validation of the retrieved doc.content is performed before interpolation into the prompt string.
Audit Metadata