AICommand
Security concern: Isn't this just an RCE?
How much privilege can you get from injecting random text into this interface?
Thanks for the question. It's an essential question if I go further in this direction. It should have security checking or sandboxing to defend the user's environment from malicious attempts.
I don't plan to go further in this project, so I won't implement any security features, but I keep this issue open because it's an important missing feature. Any input is welcomed.
I briefly looked at the code. This doesn't seem any different than if someone were to write their own CS that posts to a remote server.
A brief thought is that the returned values, if malicious (i.e. you crafted something to receive/parse out a malicious payload from GPT), maybe could be executed locally. Usually when we code against a remote server, the server is trusted (Do we trust GPT returned values 100%?).
This could be mitigated either at the Unity Editor level or in the user's CS itself. But overall it seems tame, and a problem that already would exist in a normal, custom crafted CS script that a user could create in Unity that queries and returns values from a remote source.
Again, I only looked at the code briefly.
is that the returned values, if malicious, maybe could be executed locally
It's not just malicious returned values, but imprecise returned values. The RCE here is a piece of text from an LLM, a parrot that has no ability to determine intent, be precise, or have confidence, and that generates code that is dangerous.
My only suggestion here is to add a preview step for every execution, like a pull request.
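One way the preview step suggested above could look in the Unity Editor, added here as an illustration and not code from the AICommand project: the generated C# is shown read-only, APIs worth a second look are flagged, and the caller's compile-and-run delegate is invoked only after the user explicitly ticks an acknowledgement and presses Run. The window class, the `RiskyApis` list and the `onApprove` delegate are assumptions of this example.

```csharp
using System;
using System.Linq;
using UnityEditor;
using UnityEngine;

// Hypothetical review gate: generated code runs only after explicit approval.
// `onApprove` is whatever the caller uses to compile and execute the text.
public sealed class GeneratedCodeReviewWindow : EditorWindow
{
    // Substrings that deserve a warning before approval. This is a hint for the
    // reviewer, not a filter: anything can be written without these literals.
    static readonly string[] RiskyApis =
    {
        "System.IO", "System.Diagnostics", "System.Net", "Process.Start",
        "File.Delete", "Directory.Delete", "AssetDatabase.Delete"
    };

    string _code;
    Action<string> _onApprove;
    Vector2 _scroll;
    bool _acknowledged;

    public static void Open(string code, Action<string> onApprove)
    {
        var w = GetWindow<GeneratedCodeReviewWindow>(true, "Review generated code");
        w._code = code;
        w._onApprove = onApprove;
        w._acknowledged = false;
        w.Show();
    }

    void OnGUI()
    {
        if (_code == null) return;

        var flagged = RiskyApis.Where(api => _code.Contains(api)).ToArray();
        if (flagged.Length > 0)
            EditorGUILayout.HelpBox("Uses: " + string.Join(", ", flagged), MessageType.Warning);

        // Read-only view: the user approves exactly this text, not an edited copy.
        _scroll = EditorGUILayout.BeginScrollView(_scroll);
        using (new EditorGUI.DisabledScope(true))
            EditorGUILayout.TextArea(_code, GUILayout.ExpandHeight(true));
        EditorGUILayout.EndScrollView();

        _acknowledged = EditorGUILayout.ToggleLeft("I have read this code and accept running it", _acknowledged);

        EditorGUILayout.BeginHorizontal();
        using (new EditorGUI.DisabledScope(!_acknowledged))
            if (GUILayout.Button("Run")) { _onApprove?.Invoke(_code); Close(); }
        if (GUILayout.Button("Reject")) Close();
        EditorGUILayout.EndHorizontal();
    }
}
```

The caller would replace its direct "write and execute" path with `GeneratedCodeReviewWindow.Open(generatedCode, RunScript)`, so nothing from the model reaches the compiler without a human having seen it.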