Sure, but then the parameters of those queries are still dynamic and chosen by the LLM.
So, you have to choose between making useful queries available (like writing queries) and safety.
Basically, by the time you go from just mitigating prompt injections to eliminating them, you've likely also eliminated 90% of the novel use of an LLM.
So, you have to choose between making useful queries available (like writing queries) and safety.
Basically, by the time you go from just mitigating prompt injections to eliminating them, you've likely also eliminated 90% of the novel use of an LLM.