[mrbungie]

Pretty sure simonw's lethal trifecta [1] has not been "fairly well" mitigated.

[1] https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

[thedevilslawyer]

Good thing we're not talking about a LLM then.

From the article: It's a side page agent that has only access to the page, and outputs content in text only, and awaits user confirmation on actions. It's all on the page. It's I guess it's a mono-fecta?

[mrbungie]

Then it's contained but depending on the user it can be a vector for a (para)-social engineering attack.

PS: It is Gemini based, that's an LLM.