|
|
|
|
|
|
by schipperai
102 days ago
|
|
|
great callout - tool call can have side-effects outside your box. So unless you run a sandbox with no internet access, you aren't ever 100% safe. nah does guard some of this - reading .env or ~/.aws/credentials gets flagged, and Write/Edit content is inspected for secrets before it leaves the tool. Docker + filtered mounts + something like nah on top is a solid layered approach that is still practical. |
|
|