|
|
|
|
|
|
by choeger
1166 days ago
|
|
|
Nice try, I am not sure if someone can escape the user: prefix. But if that model reads and summarizes an email, your defense is pointless, because the email's content will be behind it. Basically, every plugin must somehow be able to quote external input and the model needs to treat such quoted input as untrusted, but still process it with its full ability. |
|
|