Comment by charcircuit
14 hours ago
It would be safer if these data extraction takes were done by a subagent without access to all the user's memories.
14 hours ago
It would be safer if these data extraction takes were done by a subagent without access to all the user's memories.
I think it is already done via a subagent, otherwise the context window would be flooded with long responses. In this case the subagent should've reported that a (attacker-controlled) authorization is required anyway.