- Document unrestricted filesystem and command access - Explain no permission checks or safety rails - Warn about prompt injection risks - Provide mitigation suggestions - Clear about design philosophy and use at own risk