The sandbox approach mentioned by @arty_prof is essential, but there’s also the 'Data Leakage' side of the coin.
If an LLM agent has access to your local filesystem to 'help' with code, it essentially has a map of your credentials.
Aside from Dockerizing everything, are people using localized, air-gapped LLMs for sensitive security logic to prevent the 'Phone Home' risk entirely? Curious if anyone has successfully integrated something like Ollama into their dev-flow for this specific reason.