While this is definitely a good first step, nothing stops Claude from following an injected prompt and writing malicious code in your writeable development directory, waiting for you to execute it manually with your full local permissions.

The point is that anything produced by Claude should only ever run in a sandboxed environment if you are really dead set on protecting yourself.