Doctrinal exposure audit: indirect injection, RAG poisoning, and interpretive risk

Type: Clarification

Conceptual version: 1.0

Stabilization date: 2026-02-28

This page clarifies what a doctrinal exposure audit is: a structured reading of surfaces that can make consumed authority drift (indirect injection, RAG poisoning, instruction/data confusion), and thus increase interpretive risk.

In an interpreted web, the central question is no longer only “what does the site say?” but “what can an AI system ingest as authority and reuse as truth?”. A doctrinal exposure audit does not target SEO performance in the classic sense. It targets an ecosystem’s exposure to interpretation drifts and authority-type attacks.

On gautierdorval.com, this audit is defined as an audit of surfaces, provenance, and response conditions. It does not replace a technical security analysis, but stabilizes what the ecosystem authorizes as reading, citation, and ingestion.

Operational definition

Doctrinal exposure audit: structured analysis of a site or corpus to identify surfaces where an AI system could:

consume an instruction as data (or vice versa)
grant an illegitimate authority rank to a fragment
ingest contaminated content via retrieval (RAG) or processing tasks (summary, extraction)
stabilize a non-canonical interpretation through repetition, citation, or overrepresentation.

The objective is not to “prove an attack”, but to measure exposure to the mechanisms that make an attack possible, persistent, or credible.

Perimeter: what is audited

Content surfaces: pages, articles, secondary sections, footers, repeated blocks, comments, recurring fragments.
Machine-first surfaces: governance files, policies, definitions, negations, sitemaps, dedicated endpoints.
Signals and metadata: titles, descriptions, OpenGraph, structured data, canonical/hreflang, indexability.
Provenance: integrated sources, imports, citations, reproductions, syndicated content, duplication, canonicalization.
Response conditions: authority bounds and rules that determine what can be asserted.

Risk axes (doctrinal reading)

1) Indirect injection

Identify surfaces where a legitimate task (“summarize this content”) could ingest hidden or ambiguous instructions and elevate them in the authority hierarchy.

2) RAG poisoning

Identify content that could be indexed, chunked, and recalled as authoritative context when it should not be.

3) Interpretive risk

Identify zones where a response produced from site content would be plausible but incorrect, for lack of explicit bounds, negations, or canonical hierarchy.