Comment by reassess_blind

The main value proposition of these full-access agents is that they have access to your files, emails, calendar etc. in order to manage your life like a personal assistant. No amount of containerization is going to prevent emails being siphoned off from prompt injection.

You probably haven't given it access to any of your files or emails (others definitely have), but then I wonder where the value actually is.