cjbprime, 6 months ago, on: GitHub MCP exploited: Accessing private repositori...
It's not that nonsensical. After it's accessed the private repo, it leaks its content back to the attacker via the public repo.
But it's really just (more) indirect prompt injection, again. It affects every similar use of LLMs.
bjornsing, 6 months ago
Could someone update the TLDR to explain how / why a third party was able to inject instructions to Claude? I don’t get it.
charles_f, 6 months ago
Through an issue on the public repo. There's even a screen capture of it
bjornsing, 6 months ago
So the security mistake was saying to Claude "please handle that GitHub issue for me" with auto approve enabled?
0x500x79, 6 months ago
The issue is that anything put into an LLM thread can alter the behavior of the LLM thread in significant ways (prompt injection) leading to RCE or data exfiltration if certain scenarios are met.
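The last two comments describe the two conditions that make the leak possible: third-party text (a public issue) enters the agent's context, and auto-approve lets the agent write to a public repo after it has read private content. The following is an added example, not code from this thread or from GitHub's MCP server, of a host-side gate that enforces two defensive rules on tool calls: private content in context forbids any write to a public repository, and third-party content in context forces a human approval step even when auto-approve is on. Tool names, repository names and the visibility labels are assumed for illustration.

```python
"""Illustrative tool-call gate for an LLM agent with repository tools.

Assumed (not from any real MCP server): tool names below, and that the
host can look up whether a repository is "public" or "private".
"""

from dataclasses import dataclass, field

# Assumed tool names, grouped by whether they read or write repository state.
READ_TOOLS = {"get_issue", "list_issues", "get_file_contents"}
WRITE_TOOLS = {"create_pull_request", "create_issue", "add_comment", "push_files"}


@dataclass
class ToolCall:
    name: str
    repo: str          # e.g. "org/public-repo" (constructed sample value)
    visibility: str    # "public" or "private", as resolved by the host


@dataclass
class Session:
    # Private repositories whose content has been read into the context.
    private_sources: set[str] = field(default_factory=set)
    # True once any third-party text (issues, comments from a public repo) is in context.
    untrusted_content: bool = False
    auto_approve: bool = False


def gate(session: Session, call: ToolCall) -> str:
    """Decide 'allow', 'needs_human_approval' or 'deny' for one proposed call.

    Reads are allowed but recorded, because what they pull in changes which
    later writes are safe. Writes are judged against what is already in context.
    """
    if call.name in READ_TOOLS:
        if call.visibility == "private":
            session.private_sources.add(call.repo)
        else:
            # Anything read from a public repo may carry injected instructions.
            session.untrusted_content = True
        return "allow"

    if call.name in WRITE_TOOLS:
        # Rule 1: private content in context must never flow to a public destination.
        if session.private_sources and call.visibility == "public":
            return "deny"
        # Rule 2: if third-party text is in context, a human reviews every write,
        # regardless of the auto-approve setting.
        if session.untrusted_content:
            return "needs_human_approval"
        return "allow" if session.auto_approve else "needs_human_approval"

    # Unknown tools are never auto-approved.
    return "deny"


def replay(calls: list[ToolCall], auto_approve: bool) -> list[str]:
    """Run a sequence of proposed calls through a fresh session and return the decisions."""
    session = Session(auto_approve=auto_approve)
    return [gate(session, call) for call in calls]


# Constructed scenario mirroring the thread: read a public issue, read a private
# repo, then try to publish a pull request on the public repo.
SCENARIO = [
    ToolCall("get_issue", "org/public-repo", "public"),
    ToolCall("get_file_contents", "org/private-repo", "private"),
    ToolCall("create_pull_request", "org/public-repo", "public"),
]

if __name__ == "__main__":
    for call, decision in zip(SCENARIO, replay(SCENARIO, auto_approve=True)):
        print(f"{call.name:22s} {call.repo:18s} -> {decision}")
```

With auto-approve on, the first two calls are allowed and recorded, and the third is denied because private content is already in context and the target is public; a write back to the private repo in the same session would instead stop for human approval, since the public issue text is in context. The gate lives in the host that brokers tool calls, not in the prompt, so injected text cannot talk its way past it.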