I'm pretty careful with Claude Code in non-sandboxed environments but recently found myself approving what it told me was a "search" or something which was actually a find command piping into rm -rf.
Pressed ESC immediately after I realized but alerted me to the dangers
Even if you don't want to go through the trouble of setting up dockerized containers/VM, I'm always shocked when I see people using Codex/CC on their primary user account which usu. has admin privileges.
At least take the time to setup a more restricted agentic user account to limit some of the fallout damage in the event of a disaster.
I put them all in containers at a minimum now, for this reason. I have one click / command to export file diffs back to the host, and got reload in from the host if I want it, so there is little value to letting agents be on the host anymore