Comment by jesse_dot_id

If it's properly sandboxed then I fail to see how it's useful, unless you're attaching it to your e-mail, calendar, etc. If you're attaching it to those things, then I still don't see how the SaaS messenger account you're using being hacked doesn't still directly imperil your personal information.

Like, I could run this thing on an isolated VLAN in a VM, but if I hook it up to a SaaS app for its frontend, then it's immediately insecure if the bot is connected to anything of value. If it's not connected to anything of value, then what's the point?