The ui/message UI action allows apps to send messages on behalf of the user, which may be a sensitive operation.
While the ability to inject context from an MCP server already exists, this (potentially) new attack surface may warrant user consent.
Raised by @PederHP (see SEP PR) and @ochafik.
