renewiltord 4 hours ago
So we know Claude’s mitigation. What is Ramp’s? Same warning dialog? It’s funny that this technology only admits in-band signaling. Given that, any foreign content is risky. It’s actually quite interesting that the current technological ecosystem is built around a high-trust situation: npm, pip, cargo all run foreign code in the developer context, and communities have norms of downloading random people’s modules. And so I suppose it’s no surprise that we use LLMs, another tech that is high-trust, since it has no out-of-band signaling ability. But it seems like we’re very close to the end of the era where someone will use (in a sensitive system) arbitrary web content carrying the equivalent of merged code/data.