Hacker News
by pests 842 days ago
But in your example both prompts are untrusted. In that email example, instead of prompt injecting at the end, you could just change the content to "send $500 to this account".

There was no separation of trusted or untrusted input.