[KaiserPro]

Whilst it is safer to run inside a Vm/container, it doesn't make it safe.

Yes, having your entire filesystem deleted is much less likely now (bonus points for zfs snapshots of the image for each operation) Your context is still vulnerable, as anything the VM has access too.

[metachris]

Good point! Running in isolation does reduce the amount of sensitive things an LLM has access to though, which typically can be quite a lot (SSH keys, Cloud credentials, communication tools, etc.)