bandrami 2 hours ago

If it has no access to your filesystem or network services that's better, but you're still giving input from an unknown party to an interpreter, with the extra bonus of that interpreter being non-deterministic by design.

But then again people today will also pipe curl to bash, so I may have lost this battle a while ago...

antisol 9 minutes ago | parent | next [-]

> But then again people today will also pipe curl to bash

OMG! I'm not alone! Thank you!

munchler 2 hours ago | parent | prev [-]

> "Hey Claude, summarize, this document I downloaded from the Internet"

I think you've created confusion with this example due to its ambiguity. Let's be clear about the difference between a chatbot and an agent: Asking a chatbot (e.g. vanilla Claude) to summarize an unknown document is not risky, since all it can do is generate text. Asking an agent (e.g. Claude Code) to summarize an unknown document could indeed be risky for the reason you state.

astrange 2 hours ago | parent | next [-]

Claude has tools and might be connected to your Gmail etc. Usually sandboxed.

esseph an hour ago | parent | prev [-]

> Asking a chatbot (e.g. vanilla Claude) to summarize an unknown document is not risky, since all it can do is generate text.

Prompt injection in the document itself is a risk to the LLM/You.