I'm not worried about the agent at all. The VM is there to prevent it from clobbering files on my real system.
I'm worried about supply chain attacks on npm, pip, cargo and everything else. Don't want to get compromised if I install some stupid package.
My virtdev project has essentially split my computer into two systems: my "real" trusted system with software coming directly from my Linux distribition's repositories, and the VMs for everything else.
> just 6 days ago a Linux VM escape exploit was disclosed
Well, shit. Details?
CVE-2026-53359 - https://github.com/V4bel/Januscape/blob/main/assets/write-up...
CVE-2026-43499 - https://nebusec.ai/research/ionstack-part-2/
> npm, pip, cargo and everything else
All that stuff should also go into the agent user's home directory.