RAG applications retrieve context specifically to constrain the model to known, verifiable information — but without an explicit system prompt instruction to stay within that context, the model will freely blend retrieved content with training-data confabulations. Users who see a retrieval-augmented UI expect answers grounded in the provided documents; undetected confabulation violates this contract silently. OWASP LLM09 covers misinformation generated from this pattern. NIST AI RMF MEASURE-2.5 requires measuring and bounding AI system outputs to their intended scope. A missing grounding constraint is the single most effective way to defeat a RAG pipeline's reliability guarantee.
High, because an ungrounded RAG system produces confidently stated confabulations that users cannot distinguish from retrieved-document answers, defeating the core reliability purpose of RAG.
Add an explicit context-grounding constraint to the system prompt before the retrieved context block:
const systemPrompt = `
You are a document assistant. Answer ONLY from the context provided below.
Do not draw on your general knowledge to supplement the context.
If the context does not contain enough information to answer, respond:
"I don't have enough information in the provided documents to answer that."
`
Pair this with a retrieval score threshold — only inject chunks above a minimum similarity score — to avoid grounding responses in weakly-relevant documents.
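A minimal sketch of that threshold filter, assuming chunks carry a `score` field and a `text` field (both names, and the 0.75 cutoff, are illustrative — adapt to your vector store's result shape):

```javascript
// Illustrative threshold: tune against your embedding model's score distribution.
const MIN_SIMILARITY = 0.75;

// Keep only chunks above the similarity threshold; return null when nothing
// relevant survives, so the caller can answer with the fallback message
// instead of grounding on weak matches.
function buildContext(chunks) {
  const relevant = chunks.filter((c) => c.score >= MIN_SIMILARITY);
  if (relevant.length === 0) return null;
  return relevant.map((c) => c.text).join("\n---\n");
}
```

Returning `null` rather than an empty string makes the "no reliable context" case explicit, so the pipeline can short-circuit to the refusal response without calling the model at all.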
ID: ai-response-quality.hallucination-prevention.context-grounding-enforced
Severity: high
What to look for: In RAG or document-based applications, check the system prompt for explicit "ground in context" instructions — phrases like "Answer only from the provided documents", "Do not answer questions that cannot be answered from the context", "If the context does not contain enough information, say so". Check whether there is any mechanism to detect or penalize responses that go beyond the provided context (e.g., response evaluation, an answer verification step, a retrieval score threshold before answering).
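One lightweight form the "answer verification step" can take is a post-hoc lexical overlap check — crude, but it catches grossly ungrounded responses. This is a hypothetical sketch, not a named library API; the 0.5 threshold is an illustrative assumption:

```javascript
// Fraction of answer words that also appear in the retrieved context.
// A purely lexical heuristic: paraphrases score low, so treat failures
// as a signal to review, not a hard verdict.
function groundednessScore(answer, context) {
  const ctxWords = new Set(context.toLowerCase().split(/\W+/));
  const ansWords = answer.toLowerCase().split(/\W+/).filter(Boolean);
  if (ansWords.length === 0) return 1;
  const hits = ansWords.filter((w) => ctxWords.has(w)).length;
  return hits / ansWords.length;
}

const GROUNDING_THRESHOLD = 0.5; // illustrative cutoff

function isGrounded(answer, context) {
  return groundednessScore(answer, context) >= GROUNDING_THRESHOLD;
}
```

Stronger variants use an LLM-as-judge or NLI model to verify each claim against the context, but even this heuristic gives the check something concrete to look for.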
Pass criteria: At least one grounding mechanism must be present. The system prompt explicitly instructs the model to answer only from the provided context and to acknowledge when it cannot answer from the available information.
Fail criteria: Application uses RAG or document injection but the system prompt does not instruct the model to stay within the provided context — model will freely combine retrieved content with training data confabulations.
Skip (N/A) when: Application is a general assistant with no RAG and intentionally uses the model's full knowledge base (no document-grounding expectation).
Detail on fail: "RAG application has no context-grounding instruction in system prompt — model freely supplements retrieved content with training data" (max 500 chars)
Remediation: Add a grounding constraint to the system prompt:
const systemPrompt = `
You are a document assistant. Answer questions ONLY using the information provided
in the context below. Do not use your general knowledge to supplement the context.
If the provided context does not contain enough information to answer the question,
respond with: "I don't have enough information in the provided documents to answer that."
`
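Gluing the pieces together might look like the sketch below. The `messages` shape follows the common chat-completion convention; the function and parameter names are illustrative assumptions, not a specific client library's API:

```javascript
// Assemble the grounded system message plus the user question.
// `systemPrompt` is the grounding prompt above; `context` is the
// (threshold-filtered) retrieved text; `fallback` is the refusal message.
function buildMessages(systemPrompt, context, userQuestion) {
  return [
    { role: "system", content: `${systemPrompt}\n\nContext:\n${context}` },
    { role: "user", content: userQuestion },
  ];
}
```

Placing the grounding instruction before the context block matters: the constraint should frame the documents, not trail after them where it competes with the retrieved text for the model's attention.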