Big & true. But even worse, this seems more like a lethal "quadfecta", since you also have the ability to not just exfiltrate, but take action – sending emails, make financial transfers and everything else you do with a browser.
I think this can be reduced to: whoever can send data to your LLMs can control all its resources. This includes all the tools and data sources involved.
