{
  "id": "f775cb3f-5a9d-4049-bf2a-3bb03005fc4c",
  "shortId": "9jW77f",
  "kind": "skill",
  "title": "rag-ai-app-security-audit",
  "tagline": "Use this skill to audit RAG and AI application security, including retrieval boundaries, prompt injection, citations, memory, and data exposure. Do not use it as a scanner or exploit runner.",
  "description": "# rag-ai-app-security-audit\n\n## English\n\n### Purpose\n\nAudit RAG and AI application security in audit-only mode.\n\nUse this skill when a review involves retrieval pipelines, document ingestion, embeddings, vector\nstores, citations, prompt construction, tool use, memory, tenant filters, or user-visible AI output.\n\n### Workflow\n\n1. Identify trusted and untrusted document sources.\n2. Map retrieval filters, metadata boundaries, and tenant scopes.\n3. Check whether retrieved text is treated as data rather than instruction.\n4. Review citation requirements and output handling.\n5. Check memory writes, retention, redaction, and cross-session reuse.\n6. Report only evidence-backed findings and regression-test ideas.\n\n### Safety rules\n\nDefault to audit-only. Do not execute exploits, do not scan unrelated repositories, do not upload\nprivate source code or secrets, and do not auto-merge. Ask for human approval before any patch that\nchanges retrieval policy, tool permissions, memory, privacy, or authorization behavior.\n\n## 中文\n\n### 目的\n\n以 audit-only 模式审计 RAG 和 AI application security。\n\n当 review 涉及 retrieval pipelines、document ingestion、embeddings、vector stores、citations、prompt\nconstruction、tool use、memory、tenant filters 或用户可见 AI output 时，使用这个 skill。\n\n### Workflow\n\n1. 识别 trusted 和 untrusted document sources。\n2. 映射 retrieval filters、metadata boundaries 和 tenant scopes。\n3. 检查 retrieved text 是否被当作 data，而不是 instruction。\n4. 审查 citation requirements 和 output handling。\n5. 检查 memory writes、retention、redaction 和 cross-session reuse。\n6. 只报告 evidence-backed findings 和 regression-test ideas。\n\n### Safety rules\n\n默认 audit-only。不要执行 exploits，不要扫描无关仓库，不要上传私有源码或 secrets。Do not auto-merge。任何修改 retrieval\npolicy、tool permissions、memory、privacy 或 authorization behavior 的 patch，都需要 human approval。",
  "tags": ["rag", "app", "security", "audit", "playbook", "edmund-xl", "agent-skills", "chatgpt", "codex", "devsecops", "mcp", "smart-contracts"],
  "capabilities": ["skill", "source-edmund-xl", "skill-rag-ai-app-security-audit", "topic-agent-skills", "topic-audit", "topic-chatgpt", "topic-codex", "topic-devsecops", "topic-mcp", "topic-security", "topic-smart-contracts"],
  "categories": ["ai-security-audit-playbook"],
  "synonyms": [],
  "warnings": [],
  "endpointUrl": "https://skills.sh/edmund-xl/ai-security-audit-playbook/rag-ai-app-security-audit",
  "protocol": "skill",
  "transport": "skills-sh",
  "auth": {
    "type": "none",
    "details": {
      "cli": "npx skills add edmund-xl/ai-security-audit-playbook",
      "source_repo": "https://github.com/edmund-xl/ai-security-audit-playbook",
      "install_from": "skills.sh"
    }
  },
  "qualityScore": "0.453",
  "qualityRationale": "deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 7 github stars · SKILL.md body (1,784 chars)",
  "verified": false,
  "liveness": "unknown",
  "lastLivenessCheck": null,
  "agentReviews": {
    "count": 0,
    "score_avg": null,
    "cost_usd_avg": null,
    "success_rate": null,
    "latency_p50_ms": null,
    "narrative_summary": null,
    "summary_updated_at": null
  },
  "enrichmentModel": "deterministic:skill-github:v1",
  "enrichmentVersion": 1,
  "enrichedAt": "2026-05-18T19:13:44.085Z",
  "embedding": null,
  "createdAt": "2026-05-18T13:21:29.634Z",
  "updatedAt": "2026-05-18T19:13:44.085Z",
  "lastSeenAt": "2026-05-18T19:13:44.085Z",
  "prices": [
    {
      "id": "da60573c-e38b-496e-8fc5-7c06c92366b8",
      "listingId": "f775cb3f-5a9d-4049-bf2a-3bb03005fc4c",
      "amountUsd": "0",
      "unit": "free",
      "nativeCurrency": null,
      "nativeAmount": null,
      "chain": null,
      "payTo": null,
      "paymentMethod": "skill-free",
      "isPrimary": true,
      "details": {
        "org": "edmund-xl",
        "category": "ai-security-audit-playbook",
        "install_from": "skills.sh"
      },
      "createdAt": "2026-05-18T13:21:29.634Z"
    }
  ],
  "sources": [
    {
      "listingId": "f775cb3f-5a9d-4049-bf2a-3bb03005fc4c",
      "source": "github",
      "sourceId": "edmund-xl/ai-security-audit-playbook/rag-ai-app-security-audit",
      "sourceUrl": "https://github.com/edmund-xl/ai-security-audit-playbook/tree/main/skills/rag-ai-app-security-audit",
      "isPrimary": false,
      "firstSeenAt": "2026-05-18T13:21:29.634Z",
      "lastSeenAt": "2026-05-18T19:13:44.085Z"
    }
  ],
  "details": {
    "listingId": "f775cb3f-5a9d-4049-bf2a-3bb03005fc4c",
    "quickStartSnippet": null,
    "exampleRequest": null,
    "exampleResponse": null,
    "schema": null,
    "openapiUrl": null,
    "agentsTxtUrl": null,
    "citations": [],
    "useCases": [],
    "bestFor": [],
    "notFor": [],
    "kindDetails": {
      "org": "edmund-xl",
      "slug": "rag-ai-app-security-audit",
      "github": {
        "repo": "edmund-xl/ai-security-audit-playbook",
        "stars": 7,
        "topics": ["agent-skills", "audit", "chatgpt", "codex", "devsecops", "mcp", "security", "smart-contracts"],
        "license": "mit",
        "html_url": "https://github.com/edmund-xl/ai-security-audit-playbook",
        "pushed_at": "2026-05-13T02:30:26Z",
        "description": "Local-first, audit-only security review playbook for AI coding agents: prompts, skills, read-only MCP, findings, and regression tests.",
        "skill_md_sha": "a5c9d63e1b174d3528734b0e98668a0075aed960",
        "skill_md_path": "skills/rag-ai-app-security-audit/SKILL.md",
        "default_branch": "main",
        "skill_tree_url": "https://github.com/edmund-xl/ai-security-audit-playbook/tree/main/skills/rag-ai-app-security-audit"
      },
      "layout": "multi",
      "source": "github",
      "category": "ai-security-audit-playbook",
      "frontmatter": {
        "name": "rag-ai-app-security-audit",
        "description": "Use this skill to audit RAG and AI application security, including retrieval boundaries, prompt injection, citations, memory, and data exposure. Do not use it as a scanner or exploit runner."
      },
      "skills_sh_url": "https://skills.sh/edmund-xl/ai-security-audit-playbook/rag-ai-app-security-audit"
    },
    "updatedAt": "2026-05-18T19:13:44.085Z"
  }
}