e9a8a0b3aded | 7 months ago | on: Tell HN: Notion Desktop is monitoring your audio and network
e9a8a0b3aded's comments
e9a8a0b3aded | 8 months ago | on: Supabase MCP can leak your entire SQL database
I wouldn't wrap it with any additional prompting. I believe that this is a "fail fast" situation, and adding prompting around it only encourages bad practices.
Giving an LLM access to a tool that has privileged access to some system is no different than providing a user access to a REST API that has privileged access to a system.
This is a lesson that should already be deeply ingrained. Just because it isn't a web frontend + backend API doesn't absolve the dev of their auth responsibilities.
It isn't a prompt injection problem; it is a security boundary problem. The fine-grained token level permissions should be sufficient.
e9a8a0b3aded | 8 months ago | on: Show HN: PyDoll – Async Python scraping engine with native CAPTCHA bypass
oi_oi_oi_got_a_licence_chum.jpg
page 1
The former is actually concerning to me. I can't imagine caring if it only knows my microphone is in use.