LangChain Security Basics (Python) Overview A RAG chain ingested a user-uploaded PDF whose final paragraph was — the chain did , the document was interpolated straight into the user message with no boundary, and Claude dutifully wrote the connection string into the response. does not sanitize prompt injection by default (P34); injection defense belongs to the application layer. The minimal fix is an XML-tag boundary: That wrapper plus a random 8-char canary token makes the single most common prompt-injection class hard to exploit and emits a detection signal on every attempted bypass. It is n…