
Security: hcengineering/huly-coder

Security

SECURITY.md

Caution

Huly Coder is a developer agent that can access various systems and execute actions on your local machine on your behalf. Developer agents carry security risks that ordinary chat-based LLM interactions do not: they can run code and perform actions on your computer. Although most foundation models include some built-in resistance to prompt injection, that protection is not reliable, and the risk remains whenever Huly Coder interacts with the internet or processes data from untrusted sources. To minimize these risks, consider implementing the following precautions:

  • Use a dedicated virtual machine or container (Docker/Kubernetes) with restricted privileges: a non-root user, dropped capabilities, and only the project directory mounted. This limits the damage a malicious or errant action can do and prevents unintended access to critical system resources.
  • Always review code and tests generated by Huly Coder for accuracy and safety.
  • Avoid sharing sensitive or confidential information (credentials, API keys, private data) with Huly Coder. Anything in the agent's context can be leaked by an instruction it was tricked into following.
  • When possible, break down complex instructions into smaller, isolated operations. This reduces the risk of errant commands affecting multiple system components simultaneously and makes it easier to identify abnormal behavior.
  • Only connect Huly Coder with MCP extensions that you have thoroughly reviewed and trust.

In certain circumstances, Huly Coder may follow instructions embedded in content it processes (a web page, a file, tool output), even when those instructions conflict with your intended task. We strongly recommend implementing the precautions listed above to mitigate risks from prompt injection attacks. By following these guidelines, you can significantly reduce the security risks associated with developer agents and better protect your systems and data.
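As an added example of the first precaution above (this is not code from the huly-coder project), the wrapper below launches an agent inside a Docker container with a non-root user, all capabilities dropped, a read-only root filesystem, resource limits, and only the chosen project directory mounted writable. The image name `huly-coder:local` and the assumption that the image's entrypoint accepts the remaining arguments are hypothetical placeholders; substitute your own.

```shell
#!/bin/sh
# Added example, not part of the huly-coder project.
# Launches a developer agent in a locked-down Docker container so that any
# command it runs is confined to the container and the mounted workspace.
# Assumption (hypothetical): an image tagged "huly-coder:local" exists locally.

# Emit the hardening flags one per line so they can be reviewed in isolation.
sandbox_args() {
    cat <<'EOF'
--rm
--user=10001:10001
--cap-drop=ALL
--security-opt=no-new-privileges:true
--read-only
--tmpfs=/tmp:rw,nosuid,nodev,size=256m
--env=HOME=/tmp
--pids-limit=256
--memory=2g
--cpus=2
--network=none
EOF
}

# Run the agent against exactly one project directory.
# The workspace is the only writable bind mount: credentials, SSH keys and the
# rest of the host home directory are never visible inside the container.
run_sandboxed() {
    workspace="$1"
    shift
    [ -d "$workspace" ] || { echo "workspace not found: $workspace" >&2; return 1; }
    # shellcheck disable=SC2046  # flags are single tokens; word splitting is intended
    docker run $(sandbox_args) \
        --workdir=/workspace \
        --volume="$(cd "$workspace" && pwd):/workspace:rw" \
        huly-coder:local "$@"
}
```

`--network=none` is the strictest setting and is right for a locally hosted model; if the agent must reach a remote model API, replace it with a dedicated Docker network whose only egress is an allow-listing proxy for that endpoint, rather than the default bridge, so that an injected instruction cannot post the workspace contents to an arbitrary host. On Kubernetes the equivalent controls live in the pod `securityContext` and a NetworkPolicy.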

For security concerns, please see privately reporting a security vulnerability for more information. For assistance or escalation, please contact the Block Open Source Governance Committee.

There aren’t any published security advisories