This is one of the things I found so interesting: it was using my system browsers but it wasn't exposing itself to any content from them.

Even when it iterated through all visible windows to find the one it wanted to screenshot it was searching for titles in Python code and returning only the integer window ID.

The sites it opened and screenshotted were sites under its own control - either test pages it had created or development servers it was running.

When it did run code that analyzed an open web page (by injecting JavaScript into a template it controlled before loading that in a browser window) that code only returned JSON with measurements from the page.

It's making me wonder if Fable has been trained to take additional steps to avoid accidental exposure to untrusted content.