Ensure code based agent doesn't allow scope escalation #7569

Pwuts · 2024-07-23T18:08:24Z

Part of feat(agent): Introduce Python code execution as prompt strategy #7142

Operations that should not be allowed (by default):

Executing shell commands through subprocess.run(..) or os.system(..)
Access files outside of the agent's file workspace
- suggestion: inject a wrapped version of open() into the execution namespace

The text was updated successfully, but these errors were encountered:

github-actions · 2024-09-12T01:56:41Z

This issue has automatically been marked as stale because it has not had any activity in the last 50 days. You can unstale it by commenting or removing the label. Otherwise, this issue will be closed in 10 days.

github-actions · 2024-09-24T01:59:54Z

This issue was closed automatically because it has been stale for 10 days with no activity.

Pwuts added Classic AutoGPT Agent security labels Jul 23, 2024 — with Linear

Pwuts self-assigned this Jul 23, 2024

Pwuts changed the title ~~Ensure code based agent doesn't allow execution scope escalation~~ Ensure code based agent doesn't allow scope escalation Jul 23, 2024

github-actions bot added the Stale label Sep 12, 2024

github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ensure code based agent doesn't allow scope escalation #7569

Ensure code based agent doesn't allow scope escalation #7569

Pwuts commented Jul 23, 2024 •

edited

Loading

github-actions bot commented Sep 12, 2024

github-actions bot commented Sep 24, 2024

Ensure code based agent doesn't allow scope escalation #7569

Ensure code based agent doesn't allow scope escalation #7569

Comments

Pwuts commented Jul 23, 2024 • edited Loading

github-actions bot commented Sep 12, 2024

github-actions bot commented Sep 24, 2024

Pwuts commented Jul 23, 2024 •

edited

Loading