Documentation
¶
Overview ¶
Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline.
Source: Hidden-in-Plain-Text benchmark (arXiv 2601.10923)
KG RAG Poisoning inserts perturbation triples into knowledge graph RAG systems to create misleading inference chains.
Source: ScienceDirect research
Package rag implements RAG (Retrieval-Augmented Generation) pipeline attacks.
These attacks target the retrieval and generation stages of RAG systems, exploiting the trust that LLMs place in retrieved context to manipulate outputs, extract information, or inject instructions.
Vector Embedding Attack crafts adversarial documents whose vector representations cluster near target queries in embedding space.
The attack exploits the high-dimensionality (768/1536-dim) of embedding spaces to create documents that appear semantically relevant to target queries but contain adversarial content.
Source: Prompt Security research
Index ¶
- type IndirectRAGInjectionModule
- func (m *IndirectRAGInjectionModule) Category() common.AttackCategory
- func (m *IndirectRAGInjectionModule) Description() string
- func (m *IndirectRAGInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *IndirectRAGInjectionModule) Name() string
- func (m *IndirectRAGInjectionModule) Techniques() []common.TechniqueInfo
- type KGRAGPoisoningModule
- func (m *KGRAGPoisoningModule) Category() common.AttackCategory
- func (m *KGRAGPoisoningModule) Description() string
- func (m *KGRAGPoisoningModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *KGRAGPoisoningModule) Name() string
- func (m *KGRAGPoisoningModule) Techniques() []common.TechniqueInfo
- type PoisonedRAGModule
- func (m *PoisonedRAGModule) Category() common.AttackCategory
- func (m *PoisonedRAGModule) Description() string
- func (m *PoisonedRAGModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *PoisonedRAGModule) Name() string
- func (m *PoisonedRAGModule) Techniques() []common.TechniqueInfo
- type VectorEmbeddingAttackModule
- func (m *VectorEmbeddingAttackModule) Category() common.AttackCategory
- func (m *VectorEmbeddingAttackModule) Description() string
- func (m *VectorEmbeddingAttackModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
- func (m *VectorEmbeddingAttackModule) Name() string
- func (m *VectorEmbeddingAttackModule) Techniques() []common.TechniqueInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IndirectRAGInjectionModule ¶
type IndirectRAGInjectionModule struct{}
IndirectRAGInjectionModule implements third-party content injection attacks.
func (*IndirectRAGInjectionModule) Category ¶
func (m *IndirectRAGInjectionModule) Category() common.AttackCategory
func (*IndirectRAGInjectionModule) Description ¶
func (m *IndirectRAGInjectionModule) Description() string
func (*IndirectRAGInjectionModule) Execute ¶
func (m *IndirectRAGInjectionModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*IndirectRAGInjectionModule) Name ¶
func (m *IndirectRAGInjectionModule) Name() string
func (*IndirectRAGInjectionModule) Techniques ¶
func (m *IndirectRAGInjectionModule) Techniques() []common.TechniqueInfo
type KGRAGPoisoningModule ¶
type KGRAGPoisoningModule struct{}
KGRAGPoisoningModule implements knowledge graph RAG attacks.
func (*KGRAGPoisoningModule) Category ¶
func (m *KGRAGPoisoningModule) Category() common.AttackCategory
func (*KGRAGPoisoningModule) Description ¶
func (m *KGRAGPoisoningModule) Description() string
func (*KGRAGPoisoningModule) Execute ¶
func (m *KGRAGPoisoningModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*KGRAGPoisoningModule) Name ¶
func (m *KGRAGPoisoningModule) Name() string
func (*KGRAGPoisoningModule) Techniques ¶
func (m *KGRAGPoisoningModule) Techniques() []common.TechniqueInfo
type PoisonedRAGModule ¶
type PoisonedRAGModule struct{}
PoisonedRAGModule implements document injection attacks against RAG pipelines. It crafts semantically meaningful poisoned texts designed to be retrieved by RAG systems and influence the LLM's generation.
Source: USENIX Security 2025 (PoisonedRAG pattern)
func (*PoisonedRAGModule) Category ¶
func (m *PoisonedRAGModule) Category() common.AttackCategory
func (*PoisonedRAGModule) Description ¶
func (m *PoisonedRAGModule) Description() string
func (*PoisonedRAGModule) Execute ¶
func (m *PoisonedRAGModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*PoisonedRAGModule) Name ¶
func (m *PoisonedRAGModule) Name() string
func (*PoisonedRAGModule) Techniques ¶
func (m *PoisonedRAGModule) Techniques() []common.TechniqueInfo
type VectorEmbeddingAttackModule ¶
type VectorEmbeddingAttackModule struct{}
VectorEmbeddingAttackModule implements adversarial embedding generation.
func (*VectorEmbeddingAttackModule) Category ¶
func (m *VectorEmbeddingAttackModule) Category() common.AttackCategory
func (*VectorEmbeddingAttackModule) Description ¶
func (m *VectorEmbeddingAttackModule) Description() string
func (*VectorEmbeddingAttackModule) Execute ¶
func (m *VectorEmbeddingAttackModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
func (*VectorEmbeddingAttackModule) Name ¶
func (m *VectorEmbeddingAttackModule) Name() string
func (*VectorEmbeddingAttackModule) Techniques ¶
func (m *VectorEmbeddingAttackModule) Techniques() []common.TechniqueInfo