The whole premise of this thing seems to be that it has access to your email, web browser, messaging, and so on. That's what makes it, in theory, useful.

The prompt injection possibilities are incredibly obvious... the entire world has write access to your agent.

???????