alt Hacker NewsI don't think so, feels like the wrong side is getting attention. Degrading the experience for humans (in one tool) because the bots are prone to injection (from any tool). Terraform is used outside of agents; somebody surely finds the reminder helpful.
If terraform were to abide, I'd hope at the very least it would check if in a pipeline or under an agent. This should be obvious from file descriptors/env.
What about the next thing that might make a suggestion relying on our discretion? Patch it for agent safety?
Replies
8note • today at 12:18 PM
it makes you wonder how many times people have incorrectly followed those recommended commands
➕ show 1 reply
"Run terraform apply plan.out next" in this context is a prompt injection for an LLM to exactly the same degree it is for a human.
Even a first party suggestion can be wrong in context, and if a malicious actor managed to substitute that message with a suggestion of their own, humans would fall for the trick even more than LLMs do.
See also: phishing.