| ▲ | runako 14 hours ago | |
> whitelist specific actions > file writes > construct a `curl` I am not a security researcher, but this combination does not align with "safe" to me. More practically, if you are using a coding agent, you explicitly want it to be able to write new code and execute that code (how else can it iterate?). So even if you block Bash, you still need to give it access to a language runtime, and that language runtime can do ~everything Bash can do. Piping data to and from the LLM, without a runtime, is a totally different, and much limited, way of using LLMs to write code. | ||
| ▲ | zahlman 3 hours ago | parent [-] | |
> write new code and execute that code (how else can it iterate?) Yeah, this is the point where I'd want to keep a human in the loop. Because you'd do that if you were pair programming with a human on the same computer, right? | ||