dspy-haystack-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because training examples and retrieved documents are interpolated directly into the final Haystack prompt template without sanitization.
  - Ingestion points: Training data (trainset) and document store content (doc_store) are used to build prompts in examples/haystack-dspy-optimizer.py and references/prompt-extraction.md.
  - Boundary markers: Absent; the code uses simple string concatenation to include examples in the prompt, making it difficult for the LLM to distinguish instructions from data if malicious content is present in the training set or documents.
  - Capability inventory: The resulting prompt is executed by the OpenAIGenerator component within a Haystack pipeline.
  - Sanitization: No escaping, validation, or filtering is performed on the content of the examples before they are added to the prompt template.