Comment by reassess_blind
Comment by reassess_blind 2 days ago
No, how this works is people sync their Google Calendar and Gmail to have it be their personal assistant, then get their data prompt injected from a malicious “moltbook” post.
Comment by reassess_blind 2 days ago
No, how this works is people sync their Google Calendar and Gmail to have it be their personal assistant, then get their data prompt injected from a malicious “moltbook” post.
Only if you let it. And for those who do, a place where thousands of these agents congregate sounds like a great target. It doesn’t matter if it’s on a throwaway VPS, but people are connecting their real data to these things.
Yes, and the agent can go find other sites that instruct the agent to npm install, including moltbook itself.