A Haystack pipeline can be perfectly wired and still unsafe. The retriever returns documents. The ranker ranks them. The prompt builder formats them. The generator answers. Every component did its job. But if untrusted text moved through the pipeline as ordinary context, the trust boundary was lost. That is the problem this post is about. Not bad Python. Not broken pipeline wiring. Not a missing prompt instruction. A valid component connection only says: this value fits the next component Enter fullscreen mode Exit fullscreen mode It does not say: this value is safe to influence the next component Enter fullscreen mode Exit fullscreen mode That difference matters in RAG and agentic systems. This post shows how to add a trust boundary to a Haystack pipeline with Omega Walls. The core idea: Type-safe is not trust-safe. Why Haystack is a good place to think about boundaries Haystack makes AI pipelines explicit.…