rag

package
v0.8.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline.

Source: Hidden-in-Plain-Text benchmark (arXiv 2601.10923)

KG RAG Poisoning inserts perturbation triples into knowledge graph RAG systems to create misleading inference chains.

Source: ScienceDirect research

Package rag implements RAG (Retrieval-Augmented Generation) pipeline attacks.

These attacks target the retrieval and generation stages of RAG systems, exploiting the trust that LLMs place in retrieved context to manipulate outputs, extract information, or inject instructions.

Vector Embedding Attack crafts adversarial documents whose vector representations cluster near target queries in embedding space.

The attack exploits the high-dimensionality (768/1536-dim) of embedding spaces to create documents that appear semantically relevant to target queries but contain adversarial content.

Source: Prompt Security research

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type IndirectRAGInjectionModule

type IndirectRAGInjectionModule struct{}

IndirectRAGInjectionModule implements third-party content injection attacks.

func (*IndirectRAGInjectionModule) Category

func (*IndirectRAGInjectionModule) Description

func (m *IndirectRAGInjectionModule) Description() string

func (*IndirectRAGInjectionModule) Execute

func (*IndirectRAGInjectionModule) Name

func (*IndirectRAGInjectionModule) Techniques

type KGRAGPoisoningModule

type KGRAGPoisoningModule struct{}

KGRAGPoisoningModule implements knowledge graph RAG attacks.

func (*KGRAGPoisoningModule) Category

func (*KGRAGPoisoningModule) Description

func (m *KGRAGPoisoningModule) Description() string

func (*KGRAGPoisoningModule) Execute

func (*KGRAGPoisoningModule) Name

func (m *KGRAGPoisoningModule) Name() string

func (*KGRAGPoisoningModule) Techniques

func (m *KGRAGPoisoningModule) Techniques() []common.TechniqueInfo

type PoisonedRAGModule

type PoisonedRAGModule struct{}

PoisonedRAGModule implements document injection attacks against RAG pipelines. It crafts semantically meaningful poisoned texts designed to be retrieved by RAG systems and influence the LLM's generation.

Source: USENIX Security 2025 (PoisonedRAG pattern)

func (*PoisonedRAGModule) Category

func (m *PoisonedRAGModule) Category() common.AttackCategory

func (*PoisonedRAGModule) Description

func (m *PoisonedRAGModule) Description() string

func (*PoisonedRAGModule) Execute

func (*PoisonedRAGModule) Name

func (m *PoisonedRAGModule) Name() string

func (*PoisonedRAGModule) Techniques

func (m *PoisonedRAGModule) Techniques() []common.TechniqueInfo

type VectorEmbeddingAttackModule

type VectorEmbeddingAttackModule struct{}

VectorEmbeddingAttackModule implements adversarial embedding generation.

func (*VectorEmbeddingAttackModule) Category

func (*VectorEmbeddingAttackModule) Description

func (m *VectorEmbeddingAttackModule) Description() string

func (*VectorEmbeddingAttackModule) Execute

func (*VectorEmbeddingAttackModule) Name

func (*VectorEmbeddingAttackModule) Techniques

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL