by wunderwuzzi23
251 days ago
Great point. It's actually possible for one agent to "help" another agent run arbitrary code, and vice versa. I call it "Cross-Agent Privilege Escalation" and described in detail what such an attack might look like with Claude Code and GitHub Copilot (https://embracethered.com/blog/posts/2025/cross-agent-privil...). Agents that can modify their own or other agents' config and security settings are something to watch out for. It's becoming a common design weakness. As more agents operate in the same environment and on the same data structures, we will probably see more "accidents" but also possible exploits.