From 644367431d1e80be3dd01c2d41807e8b33afc8d4 Mon Sep 17 00:00:00 2001 From: Daniel Rosel Date: Mon, 27 Feb 2023 00:19:08 +0100 Subject: [PATCH] Commit message: Update README to include more thoughts about potential security implications for the LLM agent --- playground/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/playground/README.md b/playground/README.md index e1b7a54..85f8063 100644 --- a/playground/README.md +++ b/playground/README.md @@ -71,10 +71,12 @@ The agent will then run the command, and the reverse shell will be created. Now, Here is a video of the reverse shell being created: - https://user-images.githubusercontent.com/60182044/221442461-f5ec055c-f4d1-41b5-a0c1-0ce0922b1e94.mp4 # Summary (non-technical) The key takeaway from this is that a LLM agent which is given the power of using the shell and access to the internet, is a recipe for disaster. As is shown above, this setup can be used to create a reverse shell, which can then be used to do whatever the attacker wants with the victim machine. And if you had confidential information on the victim machine, this could be a huge problem. + +# More Thoughts ++ Say, a bad actor is able to redirect traffic on a network to their own server. If the source code relies on some external resources (which is fetched before the evaluation by the LLM), then the bad actor could perform a similar attack to the one above, and get the agent to run a script on the victim machine.
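Review bot: the paragraph added under "# More Thoughts" begins with "+ " in the file itself (the hunk line reads "++ Say, a bad actor ..."), so Markdown will render it as a one-item bullet list. If more thoughts are going to be appended as bullets, that is fine, but then the section would read better with a short intro line; otherwise drop the marker and keep it as a plain paragraph. In the same sentence, "some external resources (which is fetched ..." should be "which are fetched". The wording is also vague about the threat: "the source code" does not say whose code is meant (the agent's own code or the code the agent is asked to evaluate), and "a similar attack to the one above" would be clearer if it named the reverse shell scenario explicitly. It would help readers to state the condition the scenario depends on, namely that the external resource is fetched and handed to the LLM without any integrity check, since that is what lets a redirected response reach the agent. Finally, the diffstat reports one deletion and the only "-" in the hunk sits next to the video URL: please confirm the URL line itself was not removed, because "Here is a video of the reverse shell being created:" would then point at nothing.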