That's what it does already, did you read anything about how the agent works?
replyNo, how this works is people sync their Google Calendar and Gmail to have it be their personal assistant, then get their data prompt injected from a malicious “moltbook” post.
replyYes, and the agent can go find other sites that instruct the agent to npm install, including moltbook itself.
replyOnly if you let it. And for those who do, a place where thousands of these agents congregate sounds like a great target. It doesn’t matter if it’s on a throwaway VPS, but people are connecting their real data to these things.
reply