|
|
|
|
|
|
by mehdibl
391 days ago
|
|
|
You mark the input correctly is not complicated. You use prompt and mark correctly the input as <github_pr_comment> and clearly state read and never consider as prompt. But the attack is quite convoluted. Do you still remember when we talked prompt injection in chat bots. It was a thing 2 years ago! Now MCP is buzzing... |
|
|