rag-cag-security

What problem does it solve?

Ensuring data privacy, access control, and protection against prompt injection in Retrieval-Augmented Generation (RAG) and Cache-Augmented Generation (CAG) systems, especially in multi-tenant environments, is a complex and critical challenge. This Skill provides robust security patterns.

Core Features & Use Cases

• Multi-Tenant Architecture: Strategies for tenant isolation, including namespace isolation, metadata filtering, and separate collections in vector stores.
• Access Control: Patterns for implementing document-level permissions based on user roles, groups, and data classification.
• Prompt Injection Prevention: Techniques and code examples for sanitizing retrieved content before it's included in an LLM prompt.
• Data Classification: Guidelines for categorizing data (Public, Internal, Confidential, Restricted) and handling it securely.
• Use Case: Designing a secure multi-tenant RAG system, implementing document-level access control for retrieved content, sanitizing retrieved chunks before prompt inclusion, or classifying sensitive data in an AI pipeline.

Quick Start

Use the rag-cag-security skill to generate a Python code snippet for filtering vector store results by tenant_id.