What's the security boundary here - there's no mention of a VM or anything to isolate the agent from the file system?
i think the point is to access the filesystem. move stuff around write rename etc.
i think the point is to access the filesystem. move stuff around write rename etc.