A now-patched flaw in Google Dialogflow CX could have allowed chatbot hijacking. An attacker with edit rights on a single Code Block agent could compromise other agents in the same Google Cloud project and read live conversations.