I'm not the commentor, but you could get different results from the same curl command depending on what the server wants to give you at the time. The bash script can make additional curl calls or set up jobs that occur at other times.
I'm sure both of you understand this. I'm guessing it's just semantics.
Right. My point is that you only run it once, so there's only that one chance for a compromise. If you got lucky and talked to the right server and it gave you a good script, which is overwhelmingly probable most of the time, you're in the clear. That doesn't mean it's wise, but the danger is limited. Whereas with these agents, every piece of data they're exposed to is potentially interpreted as instructions.
I'm not the commentor, but you could get different results from the same curl command depending on what the server wants to give you at the time. The bash script can make additional curl calls or set up jobs that occur at other times.
I'm sure both of you understand this. I'm guessing it's just semantics.
Right. My point is that you only run it once, so there's only that one chance for a compromise. If you got lucky and talked to the right server and it gave you a good script, which is overwhelmingly probable most of the time, you're in the clear. That doesn't mean it's wise, but the danger is limited. Whereas with these agents, every piece of data they're exposed to is potentially interpreted as instructions.