alt Hacker NewsWhat happens when a prompt injection attack exploits the judge LLM and results in a higher level of attacker control than if it never existed?
What happens when a prompt injection attack exploits the judge LLM and results in a higher level of attacker control than if it never existed?
How can it result in a higher level of control? I don't see why the "judge" should have access to anything except one tool that allows it to send an "accept" or "deny" command.