logoalt Hacker News

csmpltnyesterday at 10:23 PM3 repliesview on HN

> «It's very simple: prompt injection is a completely unsolved problem. As things currently stand, the only fix is to avoid the lethal trifecta.»

True, but we can easily validate that regardless of what’s happening inside the conversation - things like «rm -rf» aren’t being executed.

Replies

AgentOrange1234yesterday at 10:41 PM

For a specific bad thing like "rm -rf" that may be plausible, but this will break down when you try to enumerate all the other bad things it could possibly do.

show 1 reply
sumenotoday at 12:21 AM

ok now I inject `$(echo "c3VkbyBybSAtcmYgLw==" | base64 -d)` instead or any other of the infinite number of obfuscations that can be done

wat10000yesterday at 10:37 PM

We can, but if you want to stop private info from being leaked then your only sure choice is to stop the agent from communicating with the outside world entirely, or not give it any private info to begin with.