hobofan 3 days ago
> You add some logic or filters so that the user can only query their own data, or other data they have permission to access.

What you are talking about is essentially only row level security (which is important for tenant separation), while in the case of integrating external service providers, column level security is a more important factor.

> I know LLMs can be scary, but this is the same problem that any ORM or program that handles user data would deal with.

In most other programs you don't directly plug your database full of PII to an external service provider. In most other programs you don't have that same problem because the data takes a straight path from DB -> server -> user. The README repeats an example that makes the user's email available for an agent to query (enabling PII leakage), setting a bad precedent in a space that's already chock-full of vibe coders without any concern about data privacy.
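The row level versus column level distinction drawn in the comment above, as an added example that is not part of the thread or of the README it discusses: a tenant filter alone still returns `email`, while a column allowlist enforced at statement-compile time blocks or nulls it. SQLite stands in for the real database, and the `users` table, the `AGENT_COLUMNS` policy and all function names are assumptions.

```python
import sqlite3

# Constructed sample data; the table, columns and policy below are assumptions.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, tenant_id INTEGER, email TEXT, plan TEXT);
INSERT INTO users VALUES (1, 10, 'ada@example.com', 'pro'),
                         (2, 10, 'bob@example.com', 'free'),
                         (3, 20, 'cy@example.com', 'pro');
"""
# Column allowlist for anything whose output is sent to the external provider.
AGENT_COLUMNS = {"users": {"id", "tenant_id", "plan"}}


def make_authorizer(redact):
    """Build an sqlite3 authorizer that enforces AGENT_COLUMNS on every read."""
    blocked = sqlite3.SQLITE_IGNORE if redact else sqlite3.SQLITE_DENY

    def authorizer(action, table, column, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:  # fired once per column referenced
            allowed = column in AGENT_COLUMNS.get(table, set())
            return sqlite3.SQLITE_OK if allowed else blocked
        return sqlite3.SQLITE_DENY  # writes, DDL, ATTACH, PRAGMA, functions

    return authorizer


def open_db(mode=None):
    """mode: None (no column policy), 'deny' or 'redact'."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)  # load data before the policy is installed
    if mode is not None:
        conn.set_authorizer(make_authorizer(redact=(mode == "redact")))
    return conn


def tenant_rows(conn, tenant_id, columns):
    """Row level filter: only the caller's tenant. `columns` is a list of names."""
    if not all(c.isidentifier() for c in columns):
        raise ValueError("bad column name")
    sql = f"SELECT {', '.join(columns)} FROM users WHERE tenant_id = ? ORDER BY id"
    return conn.execute(sql, (tenant_id,)).fetchall()


if __name__ == "__main__":
    print(tenant_rows(open_db(), 10, ["id", "email"]))          # row filter only
    print(tenant_rows(open_db("redact"), 10, ["id", "email"]))  # email is NULL
```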