Dangerous examples #25

Closed
gregmolnar opened this issue Mar 15, 2025 · 2 comments

Comments

@gregmolnar

gregmolnar commented Mar 15, 2025

@danielwestendorf brought to my attention that your examples are quite dangerous. For instance at the "tools", you have a Calculator example that allows the LLM to call "eval" and if someone passes user controlled messages to the chat, it can be abused for remote code execution. You can see a simple example on the image below.

Image

@CalvinWalzel

CalvinWalzel commented Mar 15, 2025

Maybe the example could be updated to use either the dentaku or keisan gems instead?
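A hardened replacement along the lines the two comments above ask for, added here as an example and not code from the project or either commenter: instead of handing the model-supplied string to `eval` as the reported calculator tool did, the tool body parses it with a tiny arithmetic grammar that accepts only numbers, `+ - * /` and parentheses, so any other character is refused before anything is evaluated. No gem is assumed (so dentaku/keisan are not used), and `SafeCalculator` is a hypothetical name.

```ruby
# SafeCalculator: hypothetical tool body that replaces `eval(expression)`.
class SafeCalculator
  def self.evaluate(expression); new(expression).evaluate; end
  # Tokens are decimal numbers and the characters + - * / ( ); whitespace is
  # skipped and anything else (names, dots, backticks) is rejected up front.
  def initialize(expression)
    @tokens = expression.scan(/\d+(?:\.\d+)?|\S/).map do |tok|
      next tok.to_f if tok.match?(/\A\d/)
      next tok if "+-*/()".include?(tok)
      raise ArgumentError, "unsupported character #{tok.inspect}"
    end
    @pos = 0
  end
  # Parses the whole token list; leftover tokens mean malformed input.
  def evaluate
    value = parse_expr
    raise ArgumentError, "trailing input #{peek.inspect}" unless peek.nil?
    value
  end

  private
  def peek; @tokens[@pos]; end
  def advance; @pos += 1; @tokens[@pos - 1]; end
  # expr := term (('+'|'-') term)*
  def parse_expr
    value = parse_term
    while peek == "+" || peek == "-"
      value = advance == "+" ? value + parse_term : value - parse_term
    end
    value
  end
  # term := factor (('*'|'/') factor)*; Float would give Infinity on /0, so raise
  def parse_term
    value = parse_factor
    while peek == "*" || peek == "/"
      op, rhs = advance, parse_factor
      raise ZeroDivisionError, "division by zero" if op == "/" && rhs.zero?
      value = op == "*" ? value * rhs : value / rhs
    end
    value
  end
  # factor := NUMBER | '-' factor | '(' expr ')'
  def parse_factor
    tok = advance
    return tok if tok.is_a?(Float)
    return -parse_factor if tok == "-"
    raise ArgumentError, "unexpected token #{tok.inspect}" unless tok == "("
    value = parse_expr
    raise ArgumentError, "missing ')'" unless advance == ")"
    value
  end
end
```

Because rejection happens in the tokenizer, a malformed or non-arithmetic expression surfaces as an `ArgumentError` the tool can report back to the model instead of executing anything.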

@crmne crmne closed this as completed in f832cb2 Mar 15, 2025
@crmne
Owner

crmne commented Mar 15, 2025

Hey @gregmolnar and @danielwestendorf. Thanks for flagging this.

The eval was only in the docs and meant only as an example, but we definitely don't want to promote dangerous patterns in the docs. I updated them.
