I would probably do it the same way any other dangerous operations are protected: make people type confirmation in (e.g. how you delete repos on GitHub), require you to manually add websites to a whitelist (e.g. how screen sharing for apps already works on Mac, or how some permissions work on Android). You can use heuristics to provide a more onerous confirmation for suspicious sites, exactly how running executables works on Windows.

Other security measures you could do:

1. Throttle events to the speed that a human could do them, so you can't instantly open a terminal and paste code in.

2. Require additional confirmation to sent events to specific applications, like the terminal, or explorer or whatever.

3. Only allow control of apps that are already open. That would be better than nothing.

There are probably other things I haven't thought of.

Anyway the point is the danger is only two clicks away already. This isn't a risk that isn't already there, it just makes the tech less annoying.

Thank you, that sounds somewhat reasonable, but I am still not entirely convinced that the added attack surface is really worth it..