Synesthetic Computation
The author walks the reader through a full exploit chain that starts with a UX/trust-boundary trick and ends in RCE by causing a client to connect to an attacker gateway, leak a token, and reconfigure the agent’s execution environment. It's a sharp systems narrative that will change how you think about agents crossing chat, browser, and local tooling — excellent reading for defenders and attacker-minded engineers, but it's an investigative article rather than a ship-or-tool.