We do a lot of processing on our backend to protect against prompt injection, but there's definitely still some risk. We can do better, as is always the case.
Need to read up on how CaMeL does it. Do you have any good links?
That’s a pretty scary answer, to be honest.
Regardless, here’s the CaMeL paper. Defeating Prompt Injections by Design (2025): https://arxiv.org/abs/2503.18813
Here’s a paper offering a survey of different mitigation techniques, including CaMeL. Design Patterns for Securing LLM Agents against Prompt Injections (2025): https://arxiv.org/abs/2506.08837
And here’s a high-level overview of the state of prompt injection from simonw (who coined the term), which includes links to summaries of both papers above: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
Thanks!
Don't worry, I've worked with a few friends experienced in prompt injection to help with the platform.
But will read these too :)
Re: CaMeL, Jesus, why not build a UI with explicit access controls at that point?
because you can't enjoy your pina coladas on the beach if your phone keeps buzzing every 10 seconds.