rag-cag-security
Security patterns for RAG and CAG systems with multi-tenant isolation. Use when building retrieval-augmented or cache-augmented generation systems that require tenant isolation, access control, and secure data handling.
Best use case
rag-cag-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Security patterns for RAG and CAG systems with multi-tenant isolation. Use when building retrieval-augmented or cache-augmented generation systems that require tenant isolation, access control, and secure data handling.
Teams using rag-cag-security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/rag-cag-security/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How rag-cag-security Compares
| Feature / Agent | rag-cag-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Security patterns for RAG and CAG systems with multi-tenant isolation. Use when building retrieval-augmented or cache-augmented generation systems that require tenant isolation, access control, and secure data handling.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# RAG/CAG Security Skill
This skill provides security patterns for RAG and CAG systems.
## Multi-Tenant Architecture
### Tenant Isolation Strategies
1. **Namespace Isolation** - Separate vector namespaces per tenant
2. **Metadata Filtering** - Filter by tenant_id at query time
3. **Separate Collections** - Isolated collections per tenant
```python
# Metadata filtering approach
results = vector_store.similarity_search(
query,
filter={"tenant_id": current_user.tenant_id}
)
```
## Access Control
### Document-Level Permissions
```python
@dataclass
class Document:
id: str
content: str
tenant_id: str
access_groups: list[str]
classification: str # public, internal, confidential
def can_access(user: User, doc: Document) -> bool:
return (
user.tenant_id == doc.tenant_id
and any(g in doc.access_groups for g in user.groups)
and user.clearance >= doc.classification
)
```
## Prompt Injection Prevention
```python
def sanitize_retrieved_context(chunks: list[str]) -> str:
"""Sanitize retrieved chunks before including in prompt."""
sanitized = []
for chunk in chunks:
# Remove potential instruction patterns
cleaned = remove_instruction_patterns(chunk)
# Escape special characters
escaped = escape_prompt_chars(cleaned)
sanitized.append(escaped)
return "\n".join(sanitized)
```
## Data Classification
| Level | Description | Handling |
|-------|-------------|----------|
| Public | Open information | No restrictions |
| Internal | Company-only | Tenant isolation |
| Confidential | Sensitive | Encryption + audit |
| Restricted | Highly sensitive | Need-to-know basis |
## Security Checklist
- [ ] Tenant isolation implemented
- [ ] Document-level access control
- [ ] Retrieved content sanitized
- [ ] Audit logging enabled
- [ ] Data encryption at rest
- [ ] Secure API authenticationRelated Skills
mcp-security
Use when securing MCP servers, preventing prompt injection, implementing authorization, validating user input, or building secure multi-agent pipelines. Provides 5-layer defense architecture patterns.
zod
Zod schema validation patterns and type inference. Auto-loads when validating schemas, parsing data, validating forms, checking types at runtime, or using z.object/z.string/z.infer in TypeScript.
typescript-import-style
Merge-friendly import formatting (one-per-line, alphabetical). Auto-loads when writing TypeScript/JavaScript imports to minimize merge conflicts in parallel development. Enforces consistent grouping and sorting.
setup-mcp-auth
Configure authentication for an existing FastMCP server
fastmcp
FastMCP TypeScript framework patterns for MCP servers. Auto-loads when building MCP servers, creating tools/resources/prompts, implementing authentication, configuring transports, or working with FastMCP in TypeScript.
add-mcp-tool
Add a new tool to an existing FastMCP server with guided configuration
add-mcp-resource
Add a new resource or resource template to an existing FastMCP server
plan-with-team
Validate plan file ownership
privacy-compliance
GDPR, CCPA, and privacy compliance guidance for data protection. Use when handling personal data, implementing consent management, or ensuring regulatory compliance across jurisdictions.
oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
chunking-strategies
Document chunking strategies for RAG systems. Use when implementing document processing pipelines to determine optimal chunking approaches based on document type and retrieval requirements.
review-django-commands
Review Django management commands for proper structure and refactor if needed