config_yml | 2 months ago

> GIDs are not checked for authorization when doing the lookup - they are meant to be generated above the authorization layer, and to be consumed above the authorization layer

Then the problem with this post boils down to applying the authorization layer in any tool call, just like you do in controllers. Seems obvious?

jeremy_k | 2 months ago

Agreed. Seems like the author tried to get fancy using GIDs with LLMs to cut down on the logic in their tool calls and opened a can of worms.
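
The point made in this thread, authorizing inside the tool call just as a controller would, shown as an added Ruby example that is not code from either commenter or from the post under discussion. `locate` is a constructed stand-in for an unauthorized GID lookup (it is not the globalid gem), and the `Invoice` model, `authorize!` policy and `show_invoice_tool` handler are hypothetical names.

```ruby
# Stand-in for a GID lookup: resolves gid://app/Model/id with no authorization
# check, which is the behaviour the quoted text describes.
Invoice = Struct.new(:id, :owner_id, :total)

# Constructed sample data.
RECORDS = {
  "Invoice" => {
    "1" => Invoice.new("1", "alice", 120),
    "2" => Invoice.new("2", "bob", 990),
  },
}.freeze

GID_PATTERN = %r{\Agid://app/([A-Za-z]+)/(\w+)\z}

class NotAuthorized < StandardError; end

# Lookup only: returns the record (or nil) no matter who is asking.
def locate(gid)
  m = GID_PATTERN.match(gid.to_s) or return nil
  RECORDS.dig(m[1], m[2])
end

# Hypothetical policy check, the same one a controller action would call.
def authorize!(user_id, record)
  raise NotAuthorized, "access denied" unless record && record.owner_id == user_id
  record
end

# Tool handler: the GID arrives from model output, so it is untrusted input.
# The user comes from the session, never from the tool arguments.
# Missing and forbidden records return the same error, so the tool does not
# reveal which ids exist.
def show_invoice_tool(current_user_id, gid)
  invoice = authorize!(current_user_id, locate(gid))
  { id: invoice.id, total: invoice.total }
rescue NotAuthorized => e
  { error: e.message }
end
```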