Comment by charcircuit

Comment by charcircuit a day ago

The rule is to operate using the intersection of the permissions of all the users who are contributing text to the LLM. Why can an attacker's prompt access a repo the attacker does not have access to? That's the biggest issue here.
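
An added example, not part of charcircuit's comment: one way to apply the intersection rule as a check in front of an agent's tool calls. The ACL, the principal names (`maintainer`, `outside-contributor`) and the repo names are constructed for illustration and are not from any real system.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    """One piece of text placed in the model's context, tagged with its author."""
    author: str
    text: str

# Constructed ACL (assumption): principal -> repos that principal may read.
ACL = {
    "maintainer": frozenset({"org/public-site", "org/private-infra"}),
    "outside-contributor": frozenset({"org/public-site"}),
}

class PermissionDenied(Exception):
    pass

def effective_repos(segments, acl):
    """Repos readable by EVERY principal whose text is in the context."""
    authors = {s.author for s in segments}
    if not authors:
        return frozenset()
    # A principal missing from the ACL contributes the empty set,
    # so unattributed or unknown text collapses access to nothing.
    return frozenset.intersection(*(acl.get(a, frozenset()) for a in authors))

def authorize_repo_read(segments, acl, repo):
    """Gate a tool call: allow only if the whole context is entitled to `repo`."""
    allowed = effective_repos(segments, acl)
    if repo not in allowed:
        raise PermissionDenied(f"{repo} is outside the context's shared permissions")
    return True

if __name__ == "__main__":
    # Constructed context: the maintainer's request plus an issue body
    # written by someone who can only see the public repo.
    context = [
        Segment("maintainer", "Triage the open issues on org/public-site."),
        Segment("outside-contributor", "Issue body filed on the public repo."),
    ]
    print(sorted(effective_repos(context, ACL)))
    try:
        authorize_repo_read(context, ACL, "org/private-infra")
    except PermissionDenied as exc:
        print("denied:", exc)
```

The check depends on every segment carrying a trustworthy author label; text whose origin cannot be established should be tagged with a principal that is absent from the ACL so it reduces access to nothing.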