I'm about to wrap up the alpha release of an Rust/Tauri based GUI desktop app that allows me (and others if interested) build modular AI agents. At this point it gives you control over the system prompt, LLM, message and which MCP tooling you want to use (to prevent cluttering the request with 69 unnecessary tools you do not need anyway). You can store agents as templates, so you can reuse them with ease.

I got hacked a week ago. I did pretty extensive technical research on how they pulled it off and what I (/we) can try to prevent this from happening in the future, or at least minimise the scope as much as possible.

I hope this will help a few others, either by bringing more attention to how vulnerable the whole Node.js ecosystem is or just to help more people become aware how attackers try to play you.