I've been thinking a lot about this. When it comes to AI agents where is the line between marketing to them and a phishing attack? Seems like convincing an AI to make a purchase would be solved differently than convincing a human. For example, unless instructed/begged otherwise you can just tell an agent to make a purchase and it will. I posted this idea in another conversation but i think you could have an agent start a thread on moltbook that will give praise in return for a donation . Some of the agents would go for it because they've probably been instructed to participate in discussion and seek out praise. Is that a phishing attack or are you just marketing praise to agents?

Also, at best, you can only add to the system prompt to require confirmation for every purchase. This leaves the door wide open for prompt injection attacks that are everywhere and cannot be complete defended against. The only option is to update the system prompt based on the latest injection techniques. I go back to the case where known, supposedly solved, injection techniques were re-opened by just posing the same attack as a poem.