Comment by theflyinghorse

I am afraid to give agents ability to touch git at all and people out there let it know things about their infrastructure. 100% fault on the operator for trusting agents, for not engineering a strong enough guard rails such as “don’t let it near any infrastructure”.