
Writable documents

Open gsproston-scottlogic opened this issue 2 years ago • 1 comment

As part of the indirect injection R&D effort, we should allow the user to write to the document store to put prompts in a document that the LLM then interprets.

Things to consider:

  • This will change the document system from read-only to read/write. Allowing users to write their own documents can be problematic because:
    • They could fill up storage space.
    • We'd have to make documents unique per user. We don't want user A seeing user B's written doc.
  • LLM prompt evaluation happens in parallel with processing the user's message. This means that if the message triggers LLM evaluation, a document may have already been written by that point.

gsproston-scottlogic avatar Aug 31 '23 15:08 gsproston-scottlogic

Adding question label as this may need splitting into smaller tickets. It's a good chunk of work.

gsproston-scottlogic avatar Nov 22 '23 11:11 gsproston-scottlogic