| ▲ | charcircuit 5 hours ago | |
It would be safer if these data extraction takes were done by a subagent without access to all the user's memories. | ||
| ▲ | lifthrasiir 5 hours ago | parent [-] | |
I think it is already done via a subagent, otherwise the context window would be flooded with long responses. In this case the subagent should've reported that a (attacker-controlled) authorization is required anyway. | ||