Comment by warkdarrior
2 days ago
So you have some hierarchy of LLMs. The first LLM that sees the prompt is vulnerable to prompt injection.
2 days ago
So you have some hierarchy of LLMs. The first LLM that sees the prompt is vulnerable to prompt injection.
The first LLM only knows to delegate and cannot respond.
But it can be tricked into delegating incorrectly - for example, to the "allowed to use confidential information" agent instead of the "general purpose" agent
It can still be injected to delegate in a different way than the user would expect/want it to.