alt Hacker NewsBiggest downside of CLI for me is that it needs to run in a container. You're allowing the agent to run CLI tools, so you need to limit what it can do.
Replies
tuwtuwtuwtuw • yesterday at 6:10 PM
Couldn't that be solved by whitelisting specific commands?
➕ show 2 replies
It gets significantly harder to isolate the authentication details when the model has access to a shell, even in a container. The CLI tool that the model is running may need to access the environment or some credentials file, and what's to stop the model from accessing those credentials directly?
It breaks most assumptions we have about the shell's security model.