Prompt injection?
Or is this simply another example of why autonomous agents shouldn't get write access before earning trust?
How could they ever earn trust? They don’t have real world reputations to protect, families to support, a desire not to be punished…
> earning trust?
I'd argue autonomous agents shouldn't have write access at all. At least not yet.