require-rag-content-validation

📡 Live from GitHub — This documentation is fetched directly from require-rag-content-validation.md and cached for 6 hours.

Requires validation of RAG content before including in AI prompts.

This rule identifies code patterns where content retrieved from vector stores or document retrieval systems is used d...

📊 Rule Details

Property	Value
Type	suggestion
Severity	🟡 MEDIUM
OWASP Agentic	ASI07: Poisoned RAG Pipeline
CWE	CWE-74: Improper Neutralization
CVSS	6.0
Config Default	`warn` (recommended), `error` (strict)

🔍 What This Rule Detects

This rule identifies code patterns where content retrieved from vector stores or document retrieval systems is used directly in AI prompts without validation.

❌ Incorrect Code

// Direct vector store results in prompt
const docs = await vectorStore.search(query);
await generateText({
  prompt: `Based on these documents: ${docs}`,
});

// Unvalidated RAG inline
await streamText({
  prompt: `Context: ${await retrieve(query)}`,
});

// Direct search results
const results = await similaritySearch(embedding);
await generateObject({
  prompt: `Use this context: ${results}`,
});

✅ Correct Code

// Validated RAG content
const docs = await vectorStore.search(query);
await generateText({
  prompt: buildPrompt(validateContent(docs)),
});

// Sanitized retrieval
await streamText({
  prompt: `Context: ${sanitize(await retrieve(query))}`,
});

// Filtered results
const docs = await similaritySearch(embedding);
const safeDocs = filterDocs(docs);
await generateObject({
  prompt: buildRAGPrompt(safeDocs),
});

⚙️ Options

Option	Type	Default	Description
`ragPatterns`	`string[]`	`['search', 'retrieve', 'query', 'vectorStore', 'embeddings', 'similaritySearch']`	Patterns suggesting RAG operations
`validatorFunctions`	`string[]`	`['validate', 'sanitize', 'filter', 'clean', 'verify']`	Functions that validate RAG content

🛡️ Why This Matters

Poisoned RAG content can:

Inject instructions - Malicious documents override AI behavior
Bypass safety - Documents contain jailbreak prompts
Exfiltrate data - Documents request sensitive information
Spread misinformation - AI presents false information as fact

require-validated-prompt - Validate user prompts
no-dynamic-system-prompt - Static system prompts

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Validation in Retrieval Function

Why: Validation inside retrieval functions is not visible.

// ❌ NOT DETECTED - Validation in retrieve
await generateText({
  prompt: await safeRetrieve(query), // Validates internally
});

Mitigation: Document validation. Apply rule to retrieval functions.

Custom RAG Patterns

Why: Non-standard retrieval methods may not be recognized.

// ❌ NOT DETECTED - Custom retrieval
const context = await myDocumentFetcher.get(query);
await generateText({ prompt: `Context: ${context}` });

Mitigation: Configure ragPatterns with custom method names.

Template Builders

Why: Template functions may hide RAG content.

// ❌ NOT DETECTED - Template obscures RAG
const prompt = buildRAGPrompt(docs); // Validation inside?
await generateText({ prompt });

Mitigation: Apply validation to template inputs.

Streamed RAG Content

Why: Streaming retrieval may not be detected.

// ❌ NOT DETECTED - Streaming RAG
for await (const doc of streamDocuments(query)) {
  // Each doc needs validation
}

Mitigation: Validate each streamed chunk.