rag-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Retrieval-Augmented Generation (RAG) architecture, creating an attack surface for indirect prompt injection.
- Ingestion points: Documents are retrieved from external vector databases like Pinecone, Weaviate, and Chroma in functions such as retrieve and retrieve_with_hyde.
- Boundary markers: The prompt templates utilize standard labels like Context and Question but lack explicit instructions to the model to ignore potential commands embedded within retrieved context.
- Capability inventory: The skill invokes the llm.ainvoke capability to generate answers based on external retrieved content.
- Sanitization: No sanitization or validation logic is applied to the retrieved document content before it is interpolated into the final prompt.
Audit Metadata