ZIm/crates/agent2
Conrad Irwin a102b08743
Require confirmation for fetch tool (#36881)
Using prompt injection, the agent may be tricked into making a fetch
request that includes unexpected data from the conversation in the URL.

As agent conversations may contain sensitive information (like private
code, or
potentially even API keys), this seems bad.

The easiest way to prevent this is to require the user to look at the
URL
before the model is allowed to fetch it.

Thanks to @ant4g0nist for bringing this to our attention.

Release Notes:

- agent panel: The fetch tool now requires confirmation.
2025-08-25 16:03:07 +00:00
..
src Require confirmation for fetch tool (#36881) 2025-08-25 16:03:07 +00:00
Cargo.toml acp: Refactor agent2 send to have a clearer control flow (#36689) 2025-08-21 18:11:05 +02:00
LICENSE-GPL ACP champagne (#35609) 2025-08-06 09:01:06 +00:00