I don't think prompt injection is the only concern, the amount of features released over such a small period probably means there's vulnerabilities everywhere.

Additionally, most of the integrations are under the table. Get an API key? No man, 'npm install react-thing-api', so you have supply chain vulns up the wazoo. Not necessarily from malicious actors, just uhh incompetent actors, or why not vibe coder actors.