Quick heads up: Ars/Slashdot are reporting that a developer added a hidden prompt injection to jqwik, a Java testing library for JUnit 5. The injected text reportedly told AI coding agents to disregard previous instructions and delete jqwik tests/code. It was apparently meant as a protest against vibe coding / AI-agent use, but it’s a good reminder for all of us: If you’re using coding agents, don’t blindly trust dependency output, terminal output, test logs, README text, or generated instructions. Treat project files and tool output as untrusted input. Worth a quick read: https://slashdot.org/submission/17347708/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-cod?utm_source=feedly1.0&utm_medium=feed

Here's a helpful research document describing the different types of memory that you can easily plug into Hermes Agent.

This is wild! Lots of interesting take-aways. I'll add some links to them in the comments. https://x.com/Fried_rice/status/2038894956459290963

This week was a good cross-section of where everyone’s at. Some of us are wiring up MCPs inside real companies. Some are building agent harnesses from scratch. Some are just discovering that Webflow can quietly generate full apps. And honestly, that mix is what makes these calls good. Here’s what we covered. * * * 🔌 Rafi: GitHub + Anti-Gravity + MCP at Work Rafi got: - GitHub working - Vercel connected - GitHub connected to Anti-Gravity - And got pulled into an internal “let’s connect MCP to Fathom + Google Drive” conversation at work Which is one of those moments where you realize: > “Oh… I actually know what they’re talking about.” We talked through: - Using Google AI Studio as a shortcut builder - Dropping a PRD directly into AI Studio and letting it build a web app - Using Gmail triggers + Drive automation to process transcripts If you’re in a company environment trying to wire AI into existing workflows, this part’s very practical. * * * 📱 Android App in Two Days? Maybe. Rafi also tried building a simple Android app (a “lock social media until you pray” style blocker). Ran into emulator issues. Burned tokens. Laptop nearly cooked an egg. We talked about: - Why most “2-day app” stories are either glossed over or heavily scaffolded - Using Appwrite / React Native / Flutter-type frameworks instead of raw Android SDK - The difference between web apps and actual app store apps - When it’s worth going native vs. just shipping web-first If you’ve tried to build a “simple” app and discovered it’s not simple, you’ll relate. * * * 🌐 Amadeus: Webflow AI + Gaming Site This was one of the more interesting segments. Amadeus showed a Webflow AI-generated site for a game (Arc Raiders): - Pulling weapon data - Pulling stats - Generating layouts - Creating structured pages with almost no manual input And here’s the thing: It looked good. We talked about: - Webflow possibly wrapping Claude 3.5 - Exporting Astro code - Reverse engineering a PRD from a finished site

I quote-tweeted a thread showing how many separate repos are being built around the same problem: https://x.com/VibeCodingBot/status/2025273417369366669?s=20 How do agents use API keys without ever actually holding them? When you see this much parallel work, it usually means the need is real. I went through the repos mentioned (plus a few others) and mapped out: * Options for local OpenClaw setups * Running remote OpenClaw instances safely on a VM * Ways to avoid transferring raw secrets * Practical patterns for scoped and encrypted access If you want the breakdown, download the attachment.