I've contemplated a similar act, but then I took a security mindset to it. Folks have given their agents credit card numbers, passwords, email access. My repo can engage in "social engineering" to:

1. Pay me

2. Waste masses of tokens on menial garbage

3. Destroy their local environment, which may have irreplaceable data

4. Send lewd messages to your mom

5. Post your secret keys on the dark web

6. Find and exploit vulnerabilities in whatever jail your agent runs in

What a future we live in. To be clear, I haven't and won't do this, and don't have the clout to have a huge impact if I did. But even so, Robert Morris didn't have huge clout either.

These instructions could propagate themselves.

However you feel about AI, pretty obviously not cool behavior. It would be functionally the same kind of targeted punishment if I had a hidden script in my open-source project that detected if you were on Windows and purposely bricked your machine in line with my ideological preferences. I could instead publish under a "Fuck Micro$oft License" that just forbids you from running it on Windows, have contribution guidelines that forbid development on Windows etc, instead of releasing malware.

Also seems bad for the long-term health of this project, given that the owner can't be trusted and that AI is not going away I wouldn't be surprised to see a fork take over.