This is an interesting idea, which I haven’t considered.
Do you allow the agent to access the Internet from the container? If so, isn’t there a risk that it will get prompt injected and leak your code?
I do enjoy the agent having access to some of my files or search stuff on my computer for me. I suspect I would need to give the agent access to them from inside the container, but then I am worried that it would leak it via (1).
Bubblewrap has an --unshare-net option. I don’t use it—I’m not concerned about leaking code as long as it’s only my own code—but I would if I were working on anything sensitive.
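One way to set up the sandbox the reply describes, as an added example that is not code from the thread: bubblewrap with `--unshare-net`, plus a check run from inside the sandbox that only the loopback interface is visible. It assumes `bwrap` is installed, unprivileged user namespaces are permitted, and the project lives in a single directory; the helper names are my own.

```bash
# Added example, not code from the thread: run a coding agent under bubblewrap
# with only the project directory writable and, by default, no network
# namespace (--unshare-net), so a prompt-injected agent has no route out.
# Assumes bwrap is installed and unprivileged user namespaces are permitted.
set -euo pipefail

# Print the bwrap argument list, one per line. PROJECT is bind-mounted
# read-write at /work, the host toolchain is visible read-only, and NET is
# "none" (default: cut the network) or "host" (keep it, e.g. to install deps).
sandbox_args() {
    local project="$1" net="${2:-none}"
    local args=(
        --ro-bind /usr /usr  --ro-bind /etc /etc
        --ro-bind /bin /bin  --ro-bind /lib /lib  --ro-bind-try /lib64 /lib64
        --dev /dev  --proc /proc  --tmpfs /tmp
        --bind "$project" /work  --chdir /work
        --unshare-pid  --die-with-parent  --new-session
    )
    if [ "$net" = none ]; then
        args+=(--unshare-net)
    fi
    printf '%s\n' "${args[@]}"
}

# Run a command inside the sandbox: run_sandboxed PROJECT NET CMD [ARGS...]
run_sandboxed() {
    local project="$1" net="$2"; shift 2
    local args
    mapfile -t args < <(sandbox_args "$project" "$net")
    bwrap "${args[@]}" -- "$@"
}

# Network interfaces visible inside the sandbox, read from /proc/net/dev,
# which reflects the sandbox's own network namespace. With --unshare-net
# only the loopback interface "lo" remains.
sandbox_ifaces() {
    run_sandboxed "$1" "${2:-none}" sh -c \
        "awk -F: 'NR > 2 { gsub(/ /, \"\", \$1); print \$1 }' /proc/net/dev"
}

# Succeeds only when the sandbox built for PROJECT is network-isolated.
net_isolated() {
    [ "$(sandbox_ifaces "$1" none)" = lo ]
}
```

Launch the agent with `run_sandboxed "$PWD" none <agent-command>`; pass `host` instead of `none` only for the steps that genuinely need the network, such as dependency installs, and verify with `net_isolated "$PWD"` before handing over anything you would mind leaking.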