upvote
What’s described here isn’t connected to the agentic/AI nature of the software at all. Every single program you run as a regular user could potentially do this.
reply
And I run most of them inside sandbox now.

Why would you let a markdown linter access your ssh keys?

reply
Because I'm confident nothing will happen if it does
reply
The readme is confusing. You say it has bubblewrap, but you also have an FAQ saying why not to use bubblewrap? Another FAQ says why not to use sandbox-exec for mac, yet the link for mac goes to sandbox-exec?
reply
But in this particular case isn't the problem that it's sending everything in the sandbox? Rather than what it might do in an otherwise un-sandboxed system?
reply
> But in this particular case isn't the problem that it's sending everything in the sandbox?

If a CLI is touching certain files, they are likely to be leaked one way or the other.

Why not reduce the attack surface?

When does someone visit your house? Do they get unfettered access to your bedroom & safe as well?

reply
Gotta say, if I ever was, I am really not envying the AI guys these days! Sounds terrible!
reply