Everyone's talking about how productive agents are but nobody's talking about what happens when one gets prompt injected. Your agent has shell access, your API keys in env vars, and unrestricted internet. That's one bad dependency readme away from leaking everything. The productivity gains are real but so is the attack surface.
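One concrete mitigation for the "API keys in env vars" part of this risk, as an added example that is not from the comment author: run each tool command the agent requests in a child process with an allowlisted, credential-free environment, so a command the agent was tricked into running cannot read the orchestrator's secrets. The variable names, allowlist and regex below are assumptions.

```python
import os
import re
import subprocess
from typing import Mapping, Optional, Tuple, Dict, List

# Assumed name pattern for variables that usually hold credentials.
SECRET_NAME_RE = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)", re.IGNORECASE)

# Assumed minimal set of variables a tool subprocess needs to function at all.
BASELINE_ALLOWLIST: Tuple[str, ...] = ("PATH", "HOME", "LANG", "TMPDIR")


def scrub_env(parent_env: Mapping[str, str],
              allow: Tuple[str, ...] = BASELINE_ALLOWLIST) -> Dict[str, str]:
    """Build a child environment containing only allowlisted names.

    Allowlist first, then a deny pattern as belt-and-braces: an allowlisted
    name that still looks like a credential is dropped as well.
    """
    child_env: Dict[str, str] = {}
    for name, value in parent_env.items():
        if name not in allow:
            continue
        if SECRET_NAME_RE.search(name):
            continue
        child_env[name] = value
    return child_env


def run_tool(argv: List[str], parent_env: Optional[Mapping[str, str]] = None,
             timeout: int = 30) -> subprocess.CompletedProcess:
    """Run an agent-requested command with a scrubbed environment.

    shell=False hands argv straight to execve, so no shell parses it, and the
    scrubbed env keeps the orchestrator's API keys out of the child's reach.
    """
    env = scrub_env(os.environ if parent_env is None else parent_env)
    return subprocess.run(argv, env=env, capture_output=True, text=True,
                          timeout=timeout, check=False)


if __name__ == "__main__":
    # Constructed parent environment standing in for the orchestrator's own.
    demo = {"PATH": "/usr/bin:/bin", "HOME": "/tmp",
            "OPENAI_API_KEY": "sk-placeholder",
            "AWS_SECRET_ACCESS_KEY": "placeholder"}
    # The child sees only PATH and HOME; neither placeholder secret appears.
    print(run_tool(["env"], parent_env=demo).stdout)
```

Scrubbing the environment does not address the shell access or unrestricted egress the comment also names; it only removes the cheapest way for an injected command to read the keys.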
