Comment by simonw

12 hours ago

Comments like this don't fill me with confidence: https://github.com/brexhq/CrabTrap/blob/4fbbda9ca00055c1554a...

  // The policy is embedded as a JSON-escaped value inside a structured JSON object.
  // This prevents prompt injection via policy content — any special characters,
  // delimiters, or instruction-like text in the policy are safely escaped by
  // json.Marshal rather than concatenated as raw text.

3 comments

simonw

samcollins 2 hours ago

Why do you say that? I thought this pattern was well established, or are you aware of known issues with it?

simonw 36 minutes ago

It doesn't work. You can't trust LLMs to 100% reliably obey delimiters or structure in content. That's why prompt injection is a problem in the first place.

Jerem-6ix 3 hours ago

[dead]