Skill

rag-cag-security

Provides security patterns for RAG/CAG systems including multi-tenant isolation strategies, document-level access control, prompt injection prevention, data classification, and checklists. Use for secure retrieval- or cache-augmented generation with tenant isolation.

Python

security

ai-ml

npx claudepluginhub jpoutrin/product-forge --plugin rag-cag

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill provides security patterns for RAG and CAG systems.

SKILL.md

Similar Skills

rag-security

Flags prompt injection, SSRF, and context flooding in RAG pipelines ingesting docs or fetching URLs for LLM prompts. Recommends domain allowlists, truncation, delimiters, logging.

soundcheck

security-patterns

169

Provides security patterns for authentication, defense-in-depth, input validation, OWASP Top 10, LLM safety, and PII masking. Useful for auth flows, sanitization, vulnerability prevention, prompt injection defense, and data redaction.

20 files5 tools

ork

guardrails

Security techniques and quality control for prompts and agents

2 files1 tool

fuse-prompt-engineer

Stats

Parent Repo Stars10

Parent Repo Forks1

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

RAG/CAG Security Skill

This skill provides security patterns for RAG and CAG systems.

Multi-Tenant Architecture

Tenant Isolation Strategies

Namespace Isolation - Separate vector namespaces per tenant

Metadata Filtering - Filter by tenant_id at query time

Separate Collections - Isolated collections per tenant

# Metadata filtering approach results = vector_store.similarity_search( query, filter={"tenant_id": current_user.tenant_id} )

Access Control

Document-Level Permissions

@dataclass class Document: id: str content: str tenant_id: str access_groups: list[str] classification: str # public, internal, confidential def can_access(user: User, doc: Document) -> bool: return ( user.tenant_id == doc.tenant_id and any(g in doc.access_groups for g in user.groups) and user.clearance >= doc.classification )

Prompt Injection Prevention

def sanitize_retrieved_context(chunks: list[str]) -> str: """Sanitize retrieved chunks before including in prompt.""" sanitized = [] for chunk in chunks: # Remove potential instruction patterns cleaned = remove_instruction_patterns(chunk) # Escape special characters escaped = escape_prompt_chars(cleaned) sanitized.append(escaped) return "\n".join(sanitized)

Data Classification

Level

Description

Handling

Public

Open information

No restrictions

Internal

Company-only

Tenant isolation

Confidential

Sensitive

Encryption + audit

Restricted

Highly sensitive

Need-to-know basis

Security Checklist

RAG/CAG Security Skill

This skill provides security patterns for RAG and CAG systems.

Multi-Tenant Architecture

Tenant Isolation Strategies

Namespace Isolation - Separate vector namespaces per tenant
Metadata Filtering - Filter by tenant_id at query time
Separate Collections - Isolated collections per tenant

# Metadata filtering approach
results = vector_store.similarity_search(
    query,
    filter={"tenant_id": current_user.tenant_id}
)

Access Control

Document-Level Permissions

@dataclass
class Document:
    id: str
    content: str
    tenant_id: str
    access_groups: list[str]
    classification: str  # public, internal, confidential

def can_access(user: User, doc: Document) -> bool:
    return (
        user.tenant_id == doc.tenant_id
        and any(g in doc.access_groups for g in user.groups)
        and user.clearance >= doc.classification
    )

Prompt Injection Prevention

def sanitize_retrieved_context(chunks: list[str]) -> str:
    """Sanitize retrieved chunks before including in prompt."""
    sanitized = []
    for chunk in chunks:
        # Remove potential instruction patterns
        cleaned = remove_instruction_patterns(chunk)
        # Escape special characters
        escaped = escape_prompt_chars(cleaned)
        sanitized.append(escaped)
    return "\n".join(sanitized)

Data Classification

Level	Description	Handling
Public	Open information	No restrictions
Internal	Company-only	Tenant isolation
Confidential	Sensitive	Encryption + audit
Restricted	Highly sensitive	Need-to-know basis