1 comment

[ 2.7 ms ] story [ 14.7 ms ] thread
Does this prevent a compromised agent from using the secret, or just seeing it? I’m thinking, if an agent gets hit with a prompt injection, could it still tell the vault to proxy a request that wipes a database for example, even if it never sees the actual API key?