Prompt Injection Risks
# Prompt Injection Risks: Security in RAG Systems
> Retrieved content is untrusted input — understanding and mitigating prompt injection in RAG systems.
---
## What is Prompt Injection (in RAG)?
Prompt injection in RAG is an attack where malicious instructions are hidden inside content that gets retrieved and passed to the LLM — a poisoned document, webpage, or email — and the model follows those instructions as if they came from the trusted system prompt or user. It's a distinct risk in RAG systems specifically because retrieved content is, by default, treated as trusted context, even though it can come from sources an attacker controls.
---
## The Injection Surface in RAG
RAG systems are uniquely vulnerable to prompt injection because they ingest third-party content into the prompt at runtime.
### Why RAG Is Vulnerable
Pure LLM systems (no retrieval) have a single input: the user query. The system prompt and initial context are fixed.
RAG systems have three inputs:
1. **User query** (user-controlled)
2. **Retrieved documents** (corpus-controlled; possibly adversarial)
3. **System prompt** (system-controlled)
The problem: retrieved documents are **untrusted input**. An attacker who can insert a malicious document into the corpus can manipulate the LLM's behavior.when to use it
Community prompt sourced from the open-source GitHub repo ather-techie/rag-interview-system (MIT). A "Prompt Injection Risks" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
productivitycommunitydeveloper
source
ather-techie/rag-interview-system · MIT
more in Productivity
Productivity✓ tested
Summarize a doc into decisions & actions
chief of staff who extracts what to DO, not just what was said
Productivity✓ tested
Draft a reply to a hard email
calm, direct communicator who de-escalates without caving
Productivity✓ tested
Turn a brain-dump into a weekly plan
planning coach who protects your focus, not just your calendar