Comment by warkdarrior

Comment by warkdarrior 2 days ago

So you have some hierarchy of LLMs. The first LLM that sees the prompt is vulnerable to prompt injection.

The first LLM only knows to delegate and cannot respond.

maxfurman 2 days ago

But it can be tricked into delegating incorrectly - for example, to the "allowed to use confidential information" agent instead of the "general purpose" agent

Reply View | 0 replies
rafabulsing 2 days ago

It can still be injected to delegate in a different way than the user would expect/want it to.

Reply View | 0 replies