burkaman 8 hours ago

In this demonstration they use a .docx with prompt injection hidden in an unreadable font size, but in the real world that would probably be unnecessary. You could upload a plain Markdown file somewhere and tell people it has a skill that will teach Claude how to negotiate their mortgage rate, and plenty of people would download and use it without ever opening and reading the file. If anything you might be more successful this way, because a .md file feels less suspicious than a .docx.

raincole an hour ago

> because a .md file feels less suspicious than a .docx

For a programmer?

I bet 99.9% of people won't consider opening a .docx or .pdf 'unsafe.' Actually, an average white-collar worker will find .md much more suspicious because they don't know what it is, while they work with .docx files every day.

bandrami 3 hours ago

Isn't one of the main use cases of Cowork "summarize this document I haven't read for me"?

fragmede 8 hours ago

Mind you, that opinion isn't universal. For programmers and programmer-adjacent, technically minded individuals, sure, but there are still places where a pdf for a resume over docx is considered "weird". For those in that bubble, which ostensibly this product targets, md files are what hackers who are going to steal my data use.

burkaman 8 hours ago

Yeah I guess I meant specifically for the population that uses LLMs enough to know what skills are.

reactordev 4 hours ago

This is why I use signed PDFs. If a recruiter or manager asks for a docx, I move on.

You’re only going to ever get a read only version.

jkaplowitz 10 minutes ago

All PDF security can be stripped by freely available software in ways that allow subsequent modifications without restriction, except the kind of PDF security that requires an unavailable password to decrypt to view, but in that case viewing isn’t possible either.

Subsequent modifications would of course invalidate any digital signature you’ve applied, but that only matters if the recipient cares about your digital signature remaining valid.

Put another way, there’s no such thing as a true read-only PDF if the software necessary to circumvent the other PDF security restrictions is available on the recipient’s computer and if preserving the validity of your digital signature is not considered important.

But sure, it’s very possible to distribute a PDF that’s a lot more annoying to modify than your private source format. No disagreement there.

w-ll 3 hours ago

Care to share your resume? I've built PDF scanning tech before the rise of LLMs; OCR at the very least will defeat this.

jagged-chisel 3 hours ago

Are you talking about defeating digital signatures?

pluralmonad 2 hours ago

Read-only... Until I ctrl-p in Firefox.

reactordev 2 hours ago

You can’t open it in a browser.

It requires a proper PDF viewer.

cyanydeez 6 hours ago

The smart bear versus the unopenable trashcan.