|
|
|
|
|
|
by rafram
162 days ago
|
|
|
Containerization can probably prevent zero-click exfiltration, but one-click is still trivial. For example, the skill could have Claude tell the user to click a link that submits the data to an attacker-controlled server. Most users would fall for "An unknown error occurred. Click to retry." The fundamental issue of prompt injection just isn't solvable with current LLM technology. |
|
|