| ▲ | simonw 3 hours ago | |
I see the attack described here as a classic example of a prompt injection. The attack works because malicious instructions were accessed (using the web_fetch tool) and concatenated together with the other agent input, in a way that then subverted the agent's behavior. | ||