logoalt Hacker News

charcircuittoday at 7:16 AM1 replyview on HN

It would be safer if these data extraction takes were done by a subagent without access to all the user's memories.


Replies

lifthrasiirtoday at 7:19 AM

I think it is already done via a subagent, otherwise the context window would be flooded with long responses. In this case the subagent should've reported that a (attacker-controlled) authorization is required anyway.