| ▲ | lelanthran 4 hours ago | |
> You can just make the tool calls restricted/scoped to whatever the calling account has access to (or in this case the repo) This is a fix for the harness, not the model. As an analogy to SQL, this is like "fixing" SQL injections by having JS on the frontend escape/sanitise the values sent to the backend, while the backend does not use parameterised statements. The harness is the front-end, the model is the backend. There is no way to currently fix the backend with parameterised prompts. | ||