Safer AI Scripting: Using Deno Permissions as a Trust Boundary

AI can write useful scripts. It can also write scripts that read your SSH keys and POST them somewhere interesting.

The problem isn’t malice. AI doesn’t want your secrets. It just can’t tell what’s sensitive. Ask it to “find configuration files” and it might helpfully include ~/.aws/credentials. Ask it to “clean up temporary files” and, well, its definition of temporary is broader than yours.

Don’t run arbitrary AI-generated code.


The Sandbox That Already Exists

Deno denies all permissions by default. Scripts can’t read files, write files, access the network, spawn processes, or read environment variables unless you explicitly allow it.
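The default-deny model can also be checked from inside a script. The following is an added example, not code from the article: a preflight that asks the runtime what was actually granted and refuses to continue if the grant is broader than intended. The function names, the `./data` directory and the home-directory paths are assumptions made for illustration.

```javascript
// Added example, not from the article. Paths and names below are constructed.
// Run (hypothetical file name): deno run --allow-read=./data preflight.js

// What this script legitimately needs.
const NEEDED = [{ name: "read", path: "./data" }];

// Grants that should never be present for an untrusted script. A descriptor
// without a path, host or variable asks about the blanket grant.
const MUST_NOT_BE_GRANTED = [
  { name: "read", path: "/home/user/.ssh" },
  { name: "read", path: "/home/user/.aws" },
  { name: "write" },
  { name: "net" },
  { name: "env" },
  { name: "run" },
];

// queryState(descriptor) -> "granted" | "prompt" | "denied"
function auditGrants(queryState, needed, forbidden) {
  const problems = [];
  for (const d of needed) {
    // Anything other than "granted" means the script cannot do its job.
    if (queryState(d) !== "granted") problems.push({ kind: "missing", descriptor: d });
  }
  for (const d of forbidden) {
    // "prompt" and "denied" are both acceptable: neither is a standing grant.
    if (queryState(d) === "granted") problems.push({ kind: "over-granted", descriptor: d });
  }
  return problems;
}

// Real lookup against the Deno runtime.
function denoQueryState(descriptor) {
  return Deno.permissions.querySync(descriptor).state;
}

// Only executes under Deno; elsewhere the functions above are still usable.
if (typeof Deno !== "undefined") {
  const problems = auditGrants(denoQueryState, NEEDED, MUST_NOT_BE_GRANTED);
  for (const p of problems) {
    console.error(`${p.kind}: ${JSON.stringify(p.descriptor)}`);
  }
  if (problems.length > 0) Deno.exit(1);
}
```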