by niyikiza
162 days ago
Exactly. I'm experimenting with a "Prepared Statement" pattern for Agents to solve this: Before any tool call, the agent needs to show a signed "warrant" (given at delegation time) that explicitly defines its tool & argument capabilities. Even if prompt injection tricks the agent into wanting to run a command, the exploit fails because the agent is mechanically blocked from executing it.
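An added sketch of the warrant gate the comment describes (example code, not the commenter's implementation): the issuer signs a capability set at delegation time, and a default-deny check in front of every tool call refuses any tool or argument the warrant does not explicitly cover. The HMAC signature, the `ISSUER_KEY`, the `DEMO_CAPS` set and the `enum`/`path_prefix` rule schema are all constructed assumptions for this example.

```python
import hmac
import hashlib
import json
import posixpath
from typing import Optional

# Constructed demo key. In a real deployment the delegator holds this key and the
# agent process never sees it, so the agent cannot mint or widen its own warrant.
ISSUER_KEY = b"constructed-demo-issuer-key"

# Constructed capability set: tool name -> argument name -> rule.
# Rule kinds (hypothetical schema): {"enum": [...]} or {"path_prefix": "..."}.
DEMO_CAPS = {
    "read_file": {"path": {"path_prefix": "/workspace/"}},
    "http_get": {"url": {"enum": ["https://api.example.com/status"]}},
}

def _canonical(capabilities: dict) -> bytes:
    return json.dumps(capabilities, sort_keys=True, separators=(",", ":")).encode()

def issue_warrant(capabilities: dict) -> dict:
    """Delegation time: the issuer signs the capability set (HMAC-SHA256 here)."""
    sig = hmac.new(ISSUER_KEY, _canonical(capabilities), hashlib.sha256).hexdigest()
    return {"capabilities": capabilities, "sig": sig}

def verify_warrant(warrant: dict) -> Optional[dict]:
    """Return the capability set only if the signature still matches it."""
    expected = hmac.new(ISSUER_KEY, _canonical(warrant["capabilities"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, warrant.get("sig", "")):
        return None
    return warrant["capabilities"]

def _arg_allowed(rule: dict, value) -> bool:
    if "enum" in rule:
        return value in rule["enum"]
    if "path_prefix" in rule:
        # Normalise first so "/workspace/../secrets.txt" cannot pass a prefix check.
        return posixpath.normpath(str(value)).startswith(rule["path_prefix"])
    return False  # unknown rule kind: deny

def authorize_call(warrant: dict, tool: str, args: dict) -> bool:
    """The mechanical gate in front of every tool call: deny anything the warrant does not state."""
    caps = verify_warrant(warrant)
    if caps is None or tool not in caps:
        return False
    rules = caps[tool]
    # Every supplied argument must have a rule and satisfy it; extra arguments are refused.
    return all(name in rules and _arg_allowed(rules[name], value) for name, value in args.items())
```

The gate sits outside the model's reasoning, so an injected instruction that changes what the agent wants to call still fails at `authorize_call`.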