|
|
|
|
|
|
by charcircuit
245 days ago
|
|
|
The rule is to operate using the intersection of all the users permissions of who is contributing text to the LLM. Why can an attacker's prompt access a repo the attacker does not have access to? That's the biggest issue here. |
|
|