Comment by linkage
15 hours ago
That overstates it a bit. Yeah, it's mostly vibe-coded and the main dev has publicly said he has yet to review the reported vulnerabilities. I am aware that it can be easily pwned with prompt injection from its data sources.
I'm running it on my old Mac mini right now and I have not given it access to untrusted inputs like my email inbox. It only has access to my filesystem (synced to my laptop with Syncthing), local applications like Apple Reminders, and OpenRouter. I already find it useful for augmenting web searches with stuff that's in my Obsidian vault.
If you’re letting it access websites then presumably it’s open to prompt injection from those sites you’re accessing? I guess the attack surface is reduced if it doesn’t have access to anything useful beyond that.