text within an image should not be able to initiate sensitive tool calls

What level of bullshit lax security are these folks using that makes this statement is necessary?!

Incentives are aligned to go fast and break stuff, and what gets broken is your privacy and security.