If you’re letting it access websites then presumably it’s open to prompt injection from those sites you’re accessing? I guess the attack surface is reduced if it doesn’t have access to anything useful beyond that.
If you’re letting it access websites then presumably it’s open to prompt injection from those sites you’re accessing? I guess the attack surface is reduced if it doesn’t have access to anything useful beyond that.