hybrid-rag-project

The system operates entirely locally, mitigating network-based data exfiltration risks. Configuration is handled via `config.yaml`, avoiding hardcoded secrets in the codebase. User-provided queries are processed through LangChain's RAG chain and structured query engine. While the `StructuredQueryEngine` internally uses `df.query()` for structured data, which can be a vector for injection if arbitrary user input were passed directly, the exposed MCP tools (`count_by_field`, `filter_dataset`) validate inputs by field and value, rather than raw query strings, significantly reducing this risk in the MCP context. The LLM prompt explicitly instructs the model to use 'ONLY the provided context' and 'NEVER make up or infer information', which aims to reduce hallucination and potential prompt injection leading to unintended actions, though LLM-based injection remains a theoretical challenge for any RAG system.