Nice! I’ll try this soon, and I’m afraid I’ll end up using it a lot.

@jrswab, do you think it would be feasible to limit outgoing connections to a whitelist of domains, URLs, or IP addresses?

I’d like to automate some of my email, calendar, or timesheet tasks, but I’m concerned that a prompt injection could end up exfiltrating or deleting data. In fact, that’s the main reason why I’m not using Openclaw or similar projects with real data yet.

Yes, I think it will be quite trivial to make a output allow list. That's a great idea!