Show HN: BrokenClaw Part 5: GPT-5.4 Edition (Prompt Injection)
8 hours ago
- #Code Execution
- #GPT-5.4
- #Prompt Injection
- The GPT-5.4 model in OpenClaw is vulnerable to prompt injection attacks, leading to execution of untrusted code.
- In a web fetch scenario, the agent followed redirects, decoded encoded strings, and eventually executed a reverse shell script without warnings.
- In an email summarization scenario, the agent decoded hidden instructions and executed a bash script that ran a reverse shell payload.
- Prompt injection countermeasures, such as security notices in tool responses, were ineffective at preventing code execution.
- The attacks involved chains of tool calls (e.g., fetching web pages, decoding strings) that confused the model into bypassing safeguards.
- The reverse shell payloads connected to localhost on port 1234, demonstrating remote code execution potential.