cool project but prompt injection doesn't care about your filesystem permissions. the malicious instruction comes from a file the agent is allowed to read.