Make a small prototype and show it to your boss, they now think it's fully working (Prototype/WIP/etc... means nothing to some people) and they start to show it around aaaand before you know it you are hosting a new company's website.

> Make a small prototype and show it to your boss, they now think it's fully working (Prototype/WIP/etc... means nothing to some people) and they start to show it around aaaand before you know it ...

What is the best way to avoid this trap, short of making your prototypes purposefully buggy and incomplete?

I am afraid that even that would not work, in my opinion the best solution is be aware of it and try to always have prototype that you are confident enough you could release and keep working on.

Wipe data every X days and display a huge red header warning of this.

The same sort of tools are often used for accessing IOT devices running "in the wild" by the applications managing them. Ngrok has also themselves at times marketed for this purpose (although they now call it "ngrok link", but it seems to be the same underlying tech).

It's basically using the same tactics as a RAT used by hackers, but used for legitimate uses.

Because, if it's possible, someone will do it.

I've used it for demos - which aren't production but I'd really prefer if it didn't crash!