logoalt Hacker News

simonwtoday at 9:19 AM0 repliesview on HN

I see the attack described here as a classic example of a prompt injection.

The attack works because malicious instructions were accessed (using the web_fetch tool) and concatenated together with the other agent input, in a way that then subverted the agent's behavior.