Comment by kasey_junk
3 months ago
Ok, but that’s true of _any_ program you install so isn’t interesting.
I don’t think the current agent tool call permission model is _right_ but it exists, so saying by default it will freely run those calls is less true of agents than other programs you might run.
Not all programs misbehave in this way. Signal desktop lets you turn off this vulnerability, and of course iOS apps and normal macOS apps are not allowed to self-modify, as it breaks their signature.
https://github.com/signalapp/Signal-Desktop/issues/4578
https://github.com/syncthing/syncthing-macos/issues/122