It's not longer this way. The 'text processing pipe' takes in two inputs. One is... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		neximo64 on March 26, 2023 \| parent \| context \| favorite \| on: Show HN: ChatGPT Plugins are a security nightmare It's not longer this way. The 'text processing pipe' takes in two inputs. One is the instruction, the other is the text to apply the instruction on. If the injection is the text it doesn't affect the instruction. The model you're describing is the previous version.

anonzzzies on March 26, 2023 [–]

Did you try this though, because so far it doesn’t seem to give the ‘system’ prompt preference over the ‘user’ prompt; the user can override the system prompt with some trivial prompting.

kfarr on March 26, 2023 | [–]

Reminds me of the old days of concatenating strings (including unsafe user input) in php to generate queries.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact