No, how this works is people sync their Google Calendar and Gmail to have it be their personal assistant, then get their data prompt injected from a malicious “moltbook” post.
Only if you let it. And for those who do, a place where thousands of these agents congregate sounds like a great target. It doesn’t matter if it’s on a throwaway VPS, but people are connecting their real data to these things.
No, how this works is people sync their Google Calendar and Gmail to have it be their personal assistant, then get their data prompt injected from a malicious “moltbook” post.
Yes, and the agent can go find other sites that instruct the agent to npm install, including moltbook itself.
Only if you let it. And for those who do, a place where thousands of these agents congregate sounds like a great target. It doesn’t matter if it’s on a throwaway VPS, but people are connecting their real data to these things.