Nice. the frontmatter question is the one i'd want answered before trusting it: when an agent edits a file does it round-trip YAML frontmatter and nested code fences cleanly, or does that stuff get mangled? every "wysiwyg markdown" tool i've tried falls apart there. Also is the CLI cross-platform or mac-only like the app?
If the web runners return summarized results and those are still treated as untrusted, what's stopping a summary itself from carrying the injection up to the main loop?