Remix.run Logo
ericpauley 2 hours ago

Severity of the underlying issue aside, it's interesting that the exploitation vector of this prompt injection relies on the human behind the channel themselves being prompt injected.

The content returned is clearly stated as being written by an LLM, and yet the human is (supposedly) interpreting the "[IMPORTANT NOTICE FROM YOUTUBE]" text as meaning the start of, effectively, a system instruction. In this case social engineering and prompt injection are fundamentally identical.