by luke_s
1098 days ago
Their docs suggest you could allow the model to extract structured data by giving it the ability to call a function like `sql_query(query: string)`, which is presumably connected to your DB. This seems wildly dangerous. I wonder how hard it would be for a user to convince the GPT to run a query like `DROP TABLE ...`. I think a good mental security model might be - if you wouldn't expose your function as an unsecured endpoint on the web, then you probably shouldn't expose it to an LLM.
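One way to apply the mental model in the comment above, as an added example that is not part of the original comment or of the vendor's docs: a `sql_query` handler backed by SQLite that treats the model's query as untrusted input and denies everything except reads of an allow-listed table. The table names, `READABLE_TABLES`, and `make_tool_connection` are hypothetical, and the sample data is constructed.

```python
import sqlite3

# Only the actions a read-only query tool needs; every other action is denied.
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
# Hypothetical allow-list: the only tables the model-facing tool may read.
READABLE_TABLES = {"orders"}


def _authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while compiling each statement; arg1 is the table on reads."""
    if action not in ALLOWED_ACTIONS:
        return sqlite3.SQLITE_DENY  # DROP, INSERT, UPDATE, PRAGMA, ATTACH, ...
    if action == sqlite3.SQLITE_READ and arg1 not in READABLE_TABLES:
        return sqlite3.SQLITE_DENY  # SELECT against a table not on the allow-list
    return sqlite3.SQLITE_OK


def make_tool_connection():
    """Build a constructed sample database, then lock the connection down."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, item TEXT, qty INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT);
        INSERT INTO orders (item, qty) VALUES ('widget', 3), ('gadget', 1);
        INSERT INTO users (password_hash) VALUES ('constructed-sample-value');
    """)
    conn.execute("PRAGMA query_only = ON")  # second layer: engine refuses writes
    conn.set_authorizer(_authorizer)        # first layer: deny at compile time
    return conn


def sql_query(conn, query, max_rows=100):
    """Handler behind the model-callable sql_query(query: string) function."""
    try:
        cur = conn.execute(query)  # execute() accepts a single statement only
        return {"ok": True, "rows": cur.fetchmany(max_rows)}
    except (sqlite3.DatabaseError, sqlite3.Warning) as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    conn = make_tool_connection()
    for q in ("SELECT item, qty FROM orders",
              "DROP TABLE orders",
              "SELECT password_hash FROM users"):
        print(q, "->", sql_query(conn, q))
```

On a server database the same idea is a dedicated role granted only `SELECT` on the specific tables or views the tool needs, so the restriction is enforced by the database rather than by inspecting the query text.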