7 points | by GeorgeWoff25 9 hours ago
3 comments
This is a good argument for treating AI agent products like you'd treat a browser or PDF reader: assume untrusted input all the way through and sandbox ruthlessly, instead of sprinkling a couple of string checks and calling it a day.
Joernchen found it. I reproduced it and checked if Cursor and Continue.dev have the same startsWith parsing issue. They do.