harrall 3 hours ago

Well, all these bugs (iTerm2’s, prompt injection, SQL injection, XSS) are one class of mistake — you sent out-of-band data in the same stream as the in-band data.

If we can get that to raise a red flag with people (and agents), people won’t be trying to put control instructions alongside user content (without considering safeguards) as much.

ammar2 2 hours ago

> (and agents)

Ironically, agents have the exact same class of problem.

layoric an hour ago

+100 this. As devs we need to internalise this issue to avoid repeating the same class of exploits over and over again.