Why sandboxing coding agents is harder than you think

2 pointsposted 9 hours ago
by martinald
(martinalderson.com)

3 Comments

chrisjj

8 hours ago

> Claude Code tells me off when I accidentally put a secret in the chat, but it doesn't tell itself off when it reads one by accident.

Perhaps it does. How would we know?

martinald

8 hours ago

It tells you to rotate secrets (sometimes) if you put them in the chat. I've never seen it say we need to rotate them if _it_ reads them.

chrisjj

7 hours ago

That means only it doesn't tell us.