Comment by kahnclusions
3 days ago
I think it’s because the state is leaving the backend server running the LLM and output to the browser, where various attacks are possible to send requests out to the internet (either directly or through social engineering).
Avoiding C means the output is strictly used within your system.
These problems will never be fully solved given how LLMs work… system prompts, user inputs, at the end of the day it’s all just input to the model.