The author explores the capabilities of modern tools like Claude Code and Claude Cowork for automating tasks, particularly in software development. They share their experience creating several projects, including a Chrome Extension that uses active browser tabs and a voice transcription tool. While these tools enhance productivity, the author expresses concern about the risks associated with granting such tools access to sensitive data on personal devices. They highlight the importance of controlling these tools to prevent unauthorized access or modifications to user files. The discussion shifts to the browser's built-in sandboxing capabilities, which are designed to run untrusted code safely. The author outlines three critical areas for effective sandboxing: file system access, network control, and the execution environment. They break down file system access into three layers, from read-only access to full folder access via the File System Access API. While full access enables exciting possibilities for automation, it also raises significant concerns about the potential for malicious actions if untrusted code is executed. Network control is another challenge. The author points out that unless an application runs entirely client-side, it must send data to a server for processing, which can expose sensitive information. Content Security Policy (CSP) can help manage these risks by restricting network requests to approved origins. The piece emphasizes the need for strict CSP configurations to prevent accidental data leaks. Finally, the author discusses strategies for safely displaying output from language models, suggesting that sandboxing techniques, such as using `<iframe>` elements with specific attributes, could help mitigate risks associated with untrusted content.