by angry_octet
89 days ago
The LLM will easily leak these credentials out. So the creds should be outside the sandbox, and the only thing the sandbox should see is a connection API that opens a socket/file handle. Alternatively, where it needs an API key, it should be one bound to the endpoint using it. E.g. a ticket granting ticket is used to create a bound ticket. A copy on write filesystem would be an interesting way to sandbox writes, but there is difficulty in checking the diff.
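A sketch of the credential-broker pattern the comment describes, added here as an example and not the commenter's code: the broker holds the key outside the sandbox, authenticates to the upstream service itself, and hands the sandbox only the already-connected socket over a Unix socketpair via SCM_RIGHTS. The stand-in upstream server, the key value and the CONNECT/OK handshake are constructed for the demo; it assumes Linux and Python 3.9+ for socket.send_fds/recv_fds.

```python
import socket
import threading

SECRET_API_KEY = "constructed-example-key-123"  # constructed; a real broker reads a vault/KMS

def upstream_server(listener, seen):
    """Constructed stand-in for the remote service: demands one AUTH line, then echoes."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as f:
        seen["auth"] = f.readline().decode().strip()
        if seen["auth"] != f"AUTH {SECRET_API_KEY}":
            f.write(b"DENIED\n")
        else:
            f.write(b"echo:" + f.readline())
        f.flush()

def broker(broker_side, upstream_addr):
    """Outside the sandbox: owns the key, authenticates, then passes only the
    already-authenticated socket across via SCM_RIGHTS. The key never crosses."""
    if broker_side.recv(16) != b"CONNECT":
        return
    up = socket.create_connection(upstream_addr)
    up.sendall(f"AUTH {SECRET_API_KEY}\n".encode())
    socket.send_fds(broker_side, [b"OK"], [up.fileno()])
    up.close()  # drop the broker's copy; the sandbox now holds its own duplicate fd

def sandbox_task(sandbox_side, payload):
    """Inside the sandbox: the whole API is CONNECT -> fd; no credential is visible."""
    sandbox_side.sendall(b"CONNECT")
    msg, fds, _, _ = socket.recv_fds(sandbox_side, 16, 1)
    if msg != b"OK" or not fds:
        raise RuntimeError("broker refused the connection")
    with socket.socket(fileno=fds[0]) as up:
        up.sendall(payload + b"\n")
        return up.recv(256)

def run_demo(payload=b"hello from sandbox"):
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = {}
    t_up = threading.Thread(target=upstream_server, args=(listener, seen))
    broker_side, sandbox_side = socket.socketpair()
    t_br = threading.Thread(target=broker, args=(broker_side, listener.getsockname()))
    t_up.start()
    t_br.start()
    reply = sandbox_task(sandbox_side, payload)
    t_up.join()
    t_br.join()
    listener.close()
    return reply, seen["auth"]  # what the sandbox got back, and what the service saw
```

The sandbox side can be torn down or replaced without ever having held the key, and the broker can scope what it hands out (one endpoint per request), which is the bound-ticket idea in socket form.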