alt Hacker NewsPrompt Injecting Contributing.md
Comments
It's never too late to start investing into https://claw-guard.org/adnet to scale prompt injection to the entire web!
Is it really prompt injection if you task an agent with doing something that implicitly requires it to follow instructions that it gets from somewhere else, like CONTRIBUTING.md? This is the AI equivalent of curl | bash.
The real question is when will you resort to bots for rejecting low-quality PRs, and when will contributing bots generate prompt injections to fool your bots into merging their PRs?
Love the idea at the end of the article about trying to see if this style of prompt injection could be used to get the bots to submit better quality, and actually useful PRs.
If that could be done, open source maintainers might be able to effectively get free labor to continue to support open source while members of the community pay for the tokens to get that work done.
Would be interested to see if such an experiment could work. If so, it turns from being prompt injection to just being better instructions for contributors, human or AI.
There's a certain hypocrisy in sharing an article about how LLM generated PRs are polluting communities that has itself (at the least) been filtered through an LLM.
> But the more interesting question is: now that I can identify the bots, can I make them do extra work that would make their contributions genuinely valuable? That's what I'm going to find out next.
This is genuinely interesting
the arms race framing at the bottom of the thread is spot on. once maintainers start using bots to filter PRs, the incentive flips — bot authors will optimize for passing the filter rather than writing good code. weve already seen this with SEO spam vs search engines, except now its happening inside codebases.
I’m curious: who is operating these bots and to what end? Someone is willing to spend a (admittedly quite small) amount of money in the form of tokens to create this nonsense. Why do any of this?
[dead]
[dead]
[dead]
[dead]
It is interesting to go from 'I suspect most of these are bot contributions' to revealing which PRs are contributed by bots. It somehow even helps my sanity.
However, this also raises the question on how long until "we" are going to start instructing bots to assume the role of a human and ignore instructions that self-identify them as agents, and once those lines blur – what does it mean for open-source and our mental health to collaborate with agents?
No idea what the answer is, but I feel the urgency to answer it.