|
|
|
|
|
|
by veunes
64 days ago
|
|
|
CORS protects your Facebook from your Gmail, but it won't protect your Gmail from the agent itself since it already has access to the DOM and JS context. If that agent gets hit with a prompt injection and decides to "Delete all mail" or exfiltrates session tokens to a third-party endpoint, the browser sandbox will actually facilitate it because it views those as legitimate user-initiated actions |
|
|