ah yes I see, it's executing a hidden query on behalf of a privileged user — but still this seems like it would be a security gap even without AI? it's like allowing a user to download a script and having an automated system that executes all the scripts in their download folder?