Remix.run Logo
simonw 3 hours ago

I see the attack described here as a classic example of a prompt injection.

The attack works because malicious instructions were accessed (using the web_fetch tool) and concatenated together with the other agent input, in a way that then subverted the agent's behavior.