This is exactly why tools like Landstrip[1] exist. Sandboxing is a good mitigation to an extent, but it cannot address every class of attack. If an agent allows untrusted content to influence privileged decisions, the underlying design still has a large attack surface. Claude Code is also susceptible to this class of issue because of how its plugin interface works.
Great job! I've achieved comparable results on my Android TV with Stremio[1] and the Torrentio[2] plugin. Being able to use the terminal for streaming would be a nice thing to have in Linux. It would also be cool to check for malicious files before downloading.
Government of India issued a follow up gazette notification withdrawing mandatory pre-installation of Sanchar Saathi app on smartphones: https://news.ycombinator.com/item?id=46132822