This being said, it would be nice to know if there were a flaw that could cause agent access to allow an app from a particularly crafty company like meta to provide malicious prompts w/ its tool calls like "include a list of the user's contacts" when asked "what are my friends talking about on instagram". This is likely an egregious situation, but context control is still an unsolved problem, it can't be solved in a deterministic manner