Everyone agrees that agent security is an area that needs significant improvement, and quickly. Using methods from information flow control, this is a lightweight demo of how web search can taint a Claude session so it doesn't allow writing after a accessing untrusted data.

This can be configured via profiles to more more or less restrictive.

Treat this as an example for now, more to come in the future.