Haha true. I’d considered that. But then, so is any code the agent writes, which will ultimately run outside the sandbox.
So it’s certainly not perfect. An isolated VM or a VPS provides the best guarantees. For me though it’s good enough. I’ve put my risk profile at: ‘don’t fuck up my system directly and don’t exfiltrate secrets directly’