rag-ai-app-security-audit

English

Purpose

Audit RAG and AI application security in audit-only mode.

Use this skill when a review involves retrieval pipelines, document ingestion, embeddings, vector stores, citations, prompt construction, tool use, memory, tenant filters, or user-visible AI output.

Workflow

1. Identify trusted and untrusted document sources.
2. Map retrieval filters, metadata boundaries, and tenant scopes.
3. Check whether retrieved text is treated as data rather than instruction.
4. Review citation requirements and output handling.
5. Check memory writes, retention, redaction, and cross-session reuse.
6. Report only evidence-backed findings and regression-test ideas.

Safety rules

Default to audit-only. Do not execute exploits, do not scan unrelated repositories, do not upload private source code or secrets, and Do not auto-merge. Ask for human approval before any patch that changes retrieval policy, tool permissions, memory, privacy, or authorization behavior.

中文

目的

以 audit-only 模式审计 RAG 和 AI application security。

当 review 涉及 retrieval pipelines、document ingestion、embeddings、vector stores、citations、prompt construction、tool use、memory、tenant filters 或用户可见 AI output 时，使用这个 skill。

Workflow

1. 识别 trusted 和 untrusted document sources。
2. 映射 retrieval filters、metadata boundaries 和 tenant scopes。
3. 检查 retrieved text 是否被当作 data，而不是 instruction。
4. 审查 citation requirements 和 output handling。
5. 检查 memory writes、retention、redaction 和 cross-session reuse。
6. 只报告 evidence-backed findings 和 regression-test ideas。

Safety rules

默认 audit-only。不要执行 exploits，不要扫描无关仓库，不要上传私有源码或 secrets。Do not auto-merge。任何修改 retrieval policy、tool permissions、memory、privacy 或 authorization behavior 的 patch，都需要 human approval。