
The danger there is not that it commits bad things, but that as part of working the task it gets tricked into sending your env/secrets/credentials to prompt injectors. That would not show up in your commit diff.

Edit: At the very least, I would not allow it to do indiscriminate web searching.





Why are you running CC with prod credentials?


