They don't have arbitrary access over your file system. They ask permission for doing most everything. Even reading files, they can't do that outside of the current working directory without permission.
Comments like this just show how bad the average dev is at security. Ever heard of the principle of least privilege? It's crazy that anyone who has written at least one piece of software would think "nah, it's fine because the software is meant to ask before doing".
I'm pretty comfortable with the agent scaffolding just restricting directory access but I can see places it might not be enough...
If you were being really paranoid then I guess they could write a script in the local directory that then runs and accesses other parts of the filesystem.
I've not seen any evidence an agent would just do that randomly (though I suppose they are nondeterministic). In principle maybe a malicious or unlucky prompt found somewhere in the permitted directory could trigger it?
globular-toast|6 months ago
mark_undoio|6 months ago
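A worked illustration of the point argued above (an added example, not code from any commenter or from any agent product): a hypothetical `decide()` policy for an agent's file tool that confines reads and writes to a working directory by resolving symlinks and `..` before comparing paths, and that treats exec separately, because a script executed from inside the permitted directory is not bounded by that directory once it runs.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical policy outcomes for an agent's file tool (names are assumptions).
ALLOW, ASK, DENY = "allow", "ask", "deny"


def is_within_root(path, root):
    """True if `path` (relative to root, or absolute) resolves inside `root`.

    Symlinks and '..' are resolved first, so a link inside the working directory
    that points outside it, or a '../' escape, is not counted as 'inside'.
    """
    root_real = Path(root).resolve(strict=False)
    target_real = Path(root_real, path).resolve(strict=False)
    try:
        target_real.relative_to(root_real)
        return True
    except ValueError:
        return False


def decide(action, path, root):
    """Map a requested file action to a policy decision.

    Location confinement is meaningful for read/write, but an executed file can
    reach the whole filesystem regardless of where it lives, so exec always
    requires explicit approval rather than being auto-allowed by its path.
    """
    inside = is_within_root(path, root)
    if action == "read":
        return ALLOW if inside else ASK
    if action == "write":
        return ALLOW if inside else DENY
    if action == "exec":
        return ASK
    return DENY


def run_demo():
    """Constructed scenario: a temporary root containing a symlink that escapes it."""
    root = tempfile.mkdtemp()
    os.symlink(os.path.dirname(root), os.path.join(root, "escape"))
    return {
        "plain_read": decide("read", "notes.txt", root),          # allow
        "dotdot_inside": decide("read", "sub/../notes.txt", root),  # allow
        "dotdot_escape": decide("read", "../secrets", root),        # ask
        "symlink_escape": decide("read", "escape/secrets", root),   # ask
        "exec_inside": decide("exec", "run.sh", root),              # ask
    }
```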