detect-rag-injection-risks
Detect RAG/document inputs reaching LLM without content scanning.
Detect RAG/document inputs reaching LLM without content scanning.
OWASP LLM Top 10 2025: LLM01 - Prompt Injection
CWE: CWE-74
Severity: 🔴 High
Rule Details
Flags RAG operations and document retrieval without content scanning or Content Disarm and Reconstruction (CDR).
❌ Incorrect
const docs = await retriever.getRelevantDocuments(query);
await llm.complete(docs);
await vectorStore.addDocuments(documents);✅ Correct
const safe = await scanDocument(retrievedDoc);
await vectorStore.add(safe);
const clean = await cdr.process(document);
await embeddings.create(clean);Options
{
"secure-coding/detect-rag-injection-risks": [
"error",
{
"ragPatterns": ["retriever", "vectorstore", "embedding"],
"trustedSanitizers": ["scanDocument", "cdr", "contentFilter"]
}
]
}Version
Introduced in v2.3.0
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Query from Variable
Why: Query strings from variables not traced.
// ❌ NOT DETECTED - Query from variable
const query = `SELECT * FROM users WHERE id = ${userId}`;
db.execute(query);Mitigation: Always use parameterized queries.
Custom Query Builders
Why: Custom ORM/query builders not recognized.
// ❌ NOT DETECTED - Custom builder
customQuery.where(userInput).execute();Mitigation: Review all query builder patterns.
Template Engines
Why: Template-based queries not analyzed.
// ❌ NOT DETECTED - Template
executeTemplate('query.sql', { userId });Mitigation: Validate all template variables.
detect-object-injection
Detects `variable[key]` as a left- or right-hand assignment operand (prototype pollution). This rule is part of [`eslint-plugin-secure-coding`](https://www.npmj
detect-suspicious-dependencies
This rule detects package imports that look like typosquatting attempts on popular npm packages. Typosquatting is a supply chain attack where malicious actors p