
Your agent harness shouldn't place that file anywhere that code executed by the agent can write to. This is why good agents need a robust sandboxing mechanism.


I see. Very reasonable. The harness ensures that the tool calls are executed in a different user or cgroup. Nothing about the tool call requires it to be in the same space as the harness itself. Very simple solution and embarrassed I didn’t mention it. Thanks, Simon.
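A pre-flight check a harness could run before starting tool calls, added here as an example and not part of the thread: it reports whether the tool-call user can write to a protected file or replace it through a writable ancestor directory. The paths, uid/gid 2000, and the `SAMPLE_FS` table are constructed; only classic mode bits are evaluated, and the path is assumed to be already symlink-resolved.

```python
import os
import stat
from types import SimpleNamespace

def can_write(st, uid, gids):
    """Classic POSIX mode-bit check; ACLs and capabilities are not modelled."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & 0o200)
    if st.st_gid in gids:
        return bool(st.st_mode & 0o020)
    return bool(st.st_mode & 0o002)

def exposed_components(path, uid, gids, lstat=os.lstat):
    """List the file and ancestor directories the tool-call user could alter.

    A writable ancestor counts because its entry can be renamed or replaced,
    unless the sticky bit restricts that to the entry's or directory's owner.
    """
    child = os.path.abspath(path)
    child_st = lstat(child)
    found = [child] if can_write(child_st, uid, gids) else []
    while os.path.dirname(child) != child:
        parent = os.path.dirname(child)
        parent_st = lstat(parent)
        sticky = parent_st.st_mode & stat.S_ISVTX
        if can_write(parent_st, uid, gids) and (
                not sticky or uid in (child_st.st_uid, parent_st.st_uid)):
            found.append(parent)
        child, child_st = parent, parent_st
    return found

def meta(mode, uid, gid):
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

# Constructed metadata: harness runs as uid 1000, tool calls as uid/gid 2000.
SAMPLE_FS = {
    "/": meta(0o40755, 0, 0),
    "/srv": meta(0o40755, 0, 0),
    "/srv/harness": meta(0o40750, 1000, 1000),
    "/srv/harness/policy.json": meta(0o100640, 1000, 1000),
    "/srv/work": meta(0o40775, 1000, 2000),  # group-writable by the sandbox gid
    "/srv/work/policy.json": meta(0o100644, 1000, 1000),
}

if __name__ == "__main__":
    for p in ("/srv/harness/policy.json", "/srv/work/policy.json"):
        print(p, "->", exposed_components(p, 2000, {2000}, SAMPLE_FS.__getitem__))
```

Called without the `lstat` argument, `exposed_components` reads real filesystem metadata; an empty list means neither the file nor any ancestor is writable by that uid under mode bits alone.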



