[likium]

The tool explicitly has an allow list for commands and block list for sensitive paths[1].

Though it's not enough, stuff like `grep "" .e?v` can still end up sending your sensitive keys to LLM providers.

[1]: https://github.com/ygwyg/system/blob/b5adfe526da7470cade61f7...