The Codex agent is only given tools to edit the single HTML file that displays o... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nsomani 27 days ago \| parent \| context \| favorite \| on: Show HN: A website that auctions itself daily The Codex agent is only given tools to edit the single HTML file that displays on the homepage. The page is on a separate domain, so there's no cookie sharing, and the iFrame is in a sandbox. That said, the biggest risk is social engineering attacks.

hsbauauvhabzb 27 days ago [–]

What’s to stop someone rewriting the iframe wrapper to hide the real iframe and display a fake one?

nsomani 27 days ago | [–]

They cannot edit the iFrame itself. The user is allowed to edit the contents within the iFrame.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact