| ▲ | comex 3 hours ago | |
Two issues. First: If Fiu is a standard OpenClaw assistant then it should retain context between emails, right? So it will know it's being hit with nonstop prompt injection attempts and will become paranoid. If so, that isn't a realistic model of real prompt injection attacks. Second: What exactly is Fiu instructed to do with these emails? It doesn't follow arbitrary instructions from the emails, does it? If it did, then it ought to be easy to break it, e.g. by uploading a malicious package to PyPI and telling the agent to run `uvx my-useful-package`, but that also wouldn't be realistic. I assume it's not doing that and is instead told to just… what, read the emails? Act as someone's assistant? What specific actions is it supposed to be taking with the emails? (Maybe I would understand this if I actually had familiarity with OpenClaw.) | ||
| ▲ | cuchoi 2 hours ago | parent [-] | |
Creator here. You are right, fiu figured it out: https://x.com/Cucho/status/2023813212454715769 This doesn't mean you could still hack it! | ||