> The API, API docs and the pointer to them are all fully public.
Yeah, the basic model (because it involves publicly publishing untested instructions, which amount to code) is a security problem for the plugin supplier.
OpenAI not doing server-side validation of the closed-test-groups that it advertises for unreleased plugins magnifies the risk, but eliminating it wouldn't eliminate the fundamental problem entirely.
(The OpenAI failure here isn't failing the end user, its failing what they represent to the plugin supplier.)
Yeah, the basic model (because it involves publicly publishing untested instructions, which amount to code) is a security problem for the plugin supplier.
OpenAI not doing server-side validation of the closed-test-groups that it advertises for unreleased plugins magnifies the risk, but eliminating it wouldn't eliminate the fundamental problem entirely.
(The OpenAI failure here isn't failing the end user, its failing what they represent to the plugin supplier.)