Yeah, it's easy to vibecode and review a docker sandbox, too. If you run containers with
--runtime=runsc
--cap-drop=ALL
--security-opt no-new-privileges:true
it's pretty tight. That's how I use coding agents, FWIW.
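A way to confirm a container actually got the three flags from the comment above, as an added example that is not part of the original comment: it audits `docker inspect` JSON and, going slightly beyond the comment, also flags capabilities added back with `--cap-add` and privileged mode. The container names and sample JSON are constructed, and it assumes Docker records the flag values verbatim under `HostConfig`.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# HostConfig fields the check reads. Not captured from a real host.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/agent-tight",
   "HostConfig": {"Runtime": "runsc", "CapDrop": ["ALL"], "CapAdd": null,
                  "SecurityOpt": ["no-new-privileges:true"], "Privileged": false}},
  {"Name": "/agent-loose",
   "HostConfig": {"Runtime": "runc", "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": null, "Privileged": false}}
]
""")

# Spellings of the option that enable it (assumption: stored as typed).
NNP_ENABLED = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}


def audit_container(entry):
    """Return a list of findings; an empty list means all three flags are set."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Runtime") != "runsc":
        findings.append(f"runtime is {host.get('Runtime')!r}, expected 'runsc'")
    drops = {c.upper() for c in (host.get("CapDrop") or [])}
    if "ALL" not in drops:
        findings.append("capabilities not dropped with --cap-drop=ALL")
    added = host.get("CapAdd") or []
    if added:
        findings.append(f"capabilities added back: {sorted(added)}")
    if not NNP_ENABLED & set(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges is not enabled")
    if host.get("Privileged"):
        findings.append("container is running privileged")
    return findings


def audit(inspect_output):
    """Map container name -> findings for every entry in `docker inspect` JSON."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "FAIL")
        for finding in findings:
            print("  -", finding)
```

On a real host, feed it `json.loads()` of the output of `docker inspect` for the running agent containers instead of the sample.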