Retrieval-augmented generation (RAG) pipelines have become standard in enterprise SaaS applications, enabling AI systems to access and synthesize proprietary data. However, these systems introduce a new attack surface: prompt injection vulnerabilities that allow attackers to manipulate queries, bypass access controls, and exfiltrate sensitive information.