Hacker News

krackers yesterday at 6:22 PM

YouTube comments are also links given by the site. I think in this case it's not necessarily the prompt injection that's the issue but the fact that untrusted content allows formatted links. YouTube doesn't allow clickable links in comments iirc, so the same needs to be applied here.


Replies

jdiff yesterday at 7:39 PM

Those are pretty clearly delineated as user-generated content, and also aren't able to be modified to include information that the malicious user doesn't have another way of accessing.

Dylan16807 yesterday at 6:58 PM

If comments allowed links in general, this would be one step less egregious, but it would still be a huge issue if clicking a comment link could leak private information. The fact that the prompt injection can customize the link before giving it to the user is the bulk of the problem here. If it just regurgitated a link it would be a flaw but a notably smaller flaw.
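An added example, not part of the thread or written by any commenter: one way to apply the two points above to model output built from untrusted content, rendering every link as inert text and flagging URLs the model customized rather than regurgitated. The function names, the defanging style and all sample strings are assumptions constructed for illustration.

```python
import re

# [text](url "optional title") as written in Markdown
MD_LINK = re.compile(r'\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# Bare http(s) URL that does not end in sentence punctuation
_U = r'[^\s<>()\[\]"\']'
BARE_URL = re.compile(r'https?://' + _U + r'*' + r'[^\s<>()\[\]"\'.,;]')


def defang(url):
    """Make a URL non-clickable so a UI autolinker will not re-link it."""
    return url.replace("://", "[:]//", 1).replace(".", "[.]")


def neutralize_links(model_output, untrusted_input):
    """Return (safe_text, findings).

    Every link in the model output becomes plain, defanged text. Each URL is
    classified as 'regurgitated' (appears verbatim in the untrusted input) or
    'customized' (the model assembled or altered it, the case the thread
    calls the bulk of the problem).
    """
    seen = set(BARE_URL.findall(untrusted_input))
    findings = []

    def inert(url):
        kind = "regurgitated" if url in seen else "customized"
        findings.append((url, kind))
        return defang(url)

    # Formatted links first, then any remaining bare URLs.
    text = MD_LINK.sub(lambda m: f"{m.group(1)} ({inert(m.group(2))})",
                       model_output)
    text = BARE_URL.sub(lambda m: inert(m.group(0)), text)
    return text, findings


# Constructed sample data (not from any real system)
UNTRUSTED = "Nice talk. Slides: https://docs.example.org/guide"
OUTPUT = ("Summary done. [Slides](https://docs.example.org/guide) and "
          "[details](https://docs.example.org/guide?u=alice%40corp.example), "
          "also https://docs.example.org/guide.")

if __name__ == "__main__":
    safe, found = neutralize_links(OUTPUT, UNTRUSTED)
    print(safe)
    for url, kind in found:
        print(kind, url)
```

A 'customized' finding is the signal worth alerting on; 'regurgitated' links are still rendered inert, matching the view that repeating a link is a smaller flaw but still a flaw.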