(no title)

One key is sandboxing the agent (easy to do with Claude Code) so that it can only see a certain directory and needs to ask permission for additional directory access (works well). Can double layer sandbox if you don't trust the Claude cli.

The ISO issue is whole other ballgame. In this case, for me, it was a bit of a yolo. I did click through the internet archive link and it seemed decent, but definitely risk here. Watching output doesn't really matter if there is a virus in the random executable that it pulled