Comment by giancarlostoro
Comment by giancarlostoro 2 days ago
The first LLM only knows to delegate and cannot respond.
Comment by giancarlostoro 2 days ago
The first LLM only knows to delegate and cannot respond.
It can still be injected to delegate in a different way than the user would expect/want it to.
But it can be tricked into delegating incorrectly - for example, to the "allowed to use confidential information" agent instead of the "general purpose" agent