@cwebber the only bit from the post I slightly disagree with is that "Wrapping agents in sandboxes is tough to do", or rather that this should be left as a conclusion for people instead of emphasising as a prerequisite before using an agent (even if done imperfectly). Well, even to do development using package managers nowadays I guess...
My attempt at this: https://www.danieldemmel.me/blog/coding-agents-in-secured-vscode-dev-containers