home/productivity/prompt-injection-risks

Prompt Injection Risks

GPTClaudeDeepSeek··861 copies·updated 2026-07-14
prompt-injection-risks.prompt
# Prompt Injection Risks: Security in RAG Systems

> Retrieved content is untrusted input — understanding and mitigating prompt injection in RAG systems.

---

## What is Prompt Injection (in RAG)?

Prompt injection in RAG is an attack where malicious instructions are hidden inside content that gets retrieved and passed to the LLM — a poisoned document, webpage, or email — and the model follows those instructions as if they came from the trusted system prompt or user. It's a distinct risk in RAG systems specifically because retrieved content is, by default, treated as trusted context, even though it can come from sources an attacker controls.

---

## The Injection Surface in RAG

RAG systems are uniquely vulnerable to prompt injection because they ingest third-party content into the prompt at runtime.

### Why RAG Is Vulnerable

Pure LLM systems (no retrieval) have a single input: the user query. The system prompt and initial context are fixed.

RAG systems have three inputs:
1. **User query** (user-controlled)
2. **Retrieved documents** (corpus-controlled; possibly adversarial)
3. **System prompt** (system-controlled)

The problem: retrieved documents are **untrusted input**. An attacker who can insert a malicious document into the corpus can manipulate the LLM's behavior.

when to use it

Community prompt sourced from the open-source GitHub repo ather-techie/rag-interview-system (MIT). A "Prompt Injection Risks" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.

tags

productivitycommunitydeveloper

source

ather-techie/rag-interview-system · MIT