Hacker News
by
falloutx
163 days ago
Still leaves you open for data exfil. Your AI goes to a site to check documentation, but oh no, that site wants it to make an API call with a very specific token.
9dev
163 days ago
Claude will only ever ask if it is allowed to connect to the domain name, so if it got a malicious link from a web search, you’re SOL anyway.
falloutx
163 days ago
At least you get one prompt; with --dangerously-skip-permissions you get no prompts.