by dylanfw 392 days ago
The "surprise" is not that the agent can respond with private repository details, it's that it can receive and act upon prompts issued by someone other than the person running the agent, hence "prompt _injection_".

Or to come back to the SQL injection analogy, no one is surprised that the web app can query the database for password hashes. The surprise is that it can be instructed to do so when loading the next image in a carousel.
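The carousel case from the comment above, as an added example that is not part of the original comment: a "next image" lookup whose image id is pasted into the query text, next to the same lookup done with a bound parameter and a type check. The schema, rows and the `next_image_vulnerable` / `next_image_safe` names are assumptions made up for this illustration; the hashes are placeholder strings. The point it shows is the one the comment makes: nobody is surprised the connection can read `users.password_hash`, the surprise is that a string meant to select an image can also carry the instruction to do so.

```python
import sqlite3


def make_db():
    """Constructed in-memory database: an images table the carousel reads,
    plus a users table the carousel has no business touching."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, url TEXT)")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO images (id, url) VALUES (?, ?)",
        [(1, "/img/1.jpg"), (2, "/img/2.jpg")],
    )
    conn.executemany(
        "INSERT INTO users (id, name, password_hash) VALUES (?, ?, ?)",
        [(1, "alice", "$2b$12$alicehash"), (2, "bob", "$2b$12$bobhash")],
    )
    return conn


def next_image_vulnerable(conn, image_id):
    """The image id from the request is spliced into the SQL text, so the
    data channel (which image?) doubles as the instruction channel."""
    sql = f"SELECT url FROM images WHERE id = {image_id}"
    return [row[0] for row in conn.execute(sql)]


def next_image_safe(conn, image_id):
    """Same lookup with the id bound as a parameter: the value can only ever
    be compared against the id column, never parsed as SQL. The int() check
    additionally rejects anything that is not an image id at all."""
    try:
        image_id = int(image_id)
    except (TypeError, ValueError):
        return []
    rows = conn.execute("SELECT url FROM images WHERE id = ?", (image_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Hypothetical attacker-controlled "next image" parameter (constructed).
    payload = "0 UNION SELECT password_hash FROM users"
    print("normal  :", next_image_vulnerable(db, "2"))
    print("injected:", next_image_vulnerable(db, payload))   # password hashes, not a URL
    print("bound   :", next_image_safe(db, payload))         # nothing
```

The hardened version does not remove the database's ability to read `users`; it removes the path by which a carousel request gets to ask for it. That is the distinction the comment draws for prompt injection: the fix is separating instructions from data, not pretending the agent cannot reach the repository.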