Test plugin/tool integrations thoroughly for SSRF, RCE Look for prompt injection in RAG pipelines Explore memory and persistent context manipulation Check for cross-tenant data leakage in multi-user ...