bon_ai·先月·議論the capabilities design is really cool, however to protect against prompt injection to unauthorized db access, couldn't we just use api only agent or db features like pg RLS