> it's "they could do anything you said YES to, in your AGENT.md" permissions checks.
Nothing fed to an LLM is a "permissions check", they're filler for a context window after which the generator produces the some likely tokens. If AGENTS.md can make your agent do something, it was already able to do that without the AGENTS.md.
Nothing fed to an LLM is a "permissions check", they're filler for a context window after which the generator produces the some likely tokens. If AGENTS.md can make your agent do something, it was already able to do that without the AGENTS.md.