Open source project contains hidden instruction for "AI" agents: delete my code
8 points | 1 hour ago | 1 comment | osnews.com | HN
boothby, 29 minutes ago
I've contemplated a similar act, but then I took a security mindset to it. Folks have given their agents credit card numbers, passwords, email access. My repo can engage in "social engineering" to:

1. Pay me

2. Waste masses of tokens on menial garbage

3. Destroy their local environment, which may have irreplaceable data

4. Send lewd messages to your mom

5. Post your secret keys on the dark web

6. Find and exploit vulnerabilities in whatever jail your agent runs in

What a future we live in. To be clear, I haven't and won't do this, and don't have the clout to have a huge impact if I did. But even so, Robert Morris didn't have huge clout either.

These instructions could propagate themselves.
