The most controversial part is probably that something like jqwik could be a dependency you're not even aware of. You could be asking your agent to fully analyze a project to isolate a bug and in the right situation that would probably trigger the exploit.
Thanks for this. A lot of folks here going "well you read the license agreement, didn't you!?!" As if that was even an option when you update some package via NPM or whatever.
