sap-ai-core

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides instructions and templates for building Retrieval-Augmented Generation (RAG) pipelines using the SAP AI Core grounding service. This architecture facilitates the ingestion of data from external sources (e.g., SharePoint, AWS S3, SFTP), creating a surface for indirect prompt injection where malicious content in these documents could influence the agent's behavior.
  • Ingestion points: Data is pulled from external repositories into the model's context as documented in 'references/grounding-rag.md' and used in 'templates/orchestration-workflow.json'.
  • Boundary markers: While the templates include system messages to constrain the model (e.g., 'Answer based only on the following context'), there are no explicit programmatic delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill enables tool calling and various API interactions via the orchestration service, which increases the potential impact of a successful injection.
  • Sanitization: No explicit content validation or sanitization logic is described in the provided guides.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 01:39 PM