It seems like this collection of tools gives you a ton of lethal-trifecta risk for prompt injection attacks. How have you mitigated this—are you doing something like CaMeL?
We do a lot of processing on our backend to protect against prompt injection, but there definitely still is some risk. We can do better, as is always the case.
hgaddipa001|5 months ago
Need to read up on how CaMeL does it. Do you have any good links?
amonks|5 months ago
Regardless, here’s the CaMeL paper. Defeating Prompt Injections by Design (2025): https://arxiv.org/abs/2503.18813
Here’s a paper offering a survey of different mitigation techniques, including CaMeL. Design Patterns for Securing LLM Agents against Prompt Injections (2025): https://arxiv.org/abs/2506.08837
And here’s a high-level overview of the state of prompt injection from simonw (who coined the term), which includes links to summaries of both papers above: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/