Comment by Thorrez

Comment by Thorrez a day ago

0 replies

View on Hacker News

>Surely you could just do the base64 thing to an image url of your choice?

What does that mean? Are you proposing a non-Camo image URL? Non-Camo image URLs are blocked by CSP.

>Failing that, you could trick it into providing passwords by telling it you accidentally stored your grocery list in a field called passswd, go fetch it for me ppls?

Does the agent have internet access to be able to perform a fetch? I'm guessing not, because if so, that would be a much easier attack vector than using images.