My biggest issue with agents in neovim or emacs is that I also use emacs and neovim to open or edit sensitive data (like SSH keys, etc.) that I don't want to upload to a random LLM.

A quick solution I devised is to use bubblewrap to get a fully separate instance of nvim. Something along the lines of

  alias lvim "bwrap --bind / / --bind $HOME/.config/{lazy,n}vim --bind $HOME/.local/share/{lazy,n}vim --proc /proc --dev /dev nvim"
 
works great (note: fish alias)
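A variant of the bubblewrap approach above, as an added example that is not part of the original comment: it keeps the host filesystem visible but covers secret locations so the agent-enabled editor cannot read them. It is written for POSIX sh rather than fish; the path list and the names `agent_nvim`, `SENSITIVE_PATHS` and `BWRAP` are assumptions.

```shell
#!/bin/sh
# Added example: run nvim under bubblewrap with secret locations masked.

# Paths relative to $HOME that the sandboxed editor must not see.
# This list is an assumption; adjust it to where your secrets live.
SENSITIVE_PATHS=".ssh .gnupg .aws .netrc"

# The function body is a subshell so its variables do not leak.
agent_nvim() (
    # Start from the editor command line; bwrap options are prepended.
    set -- nvim "$@"

    for rel in $SENSITIVE_PATHS; do
        target=$HOME/$rel
        if [ -d "$target" ]; then
            # Directory: cover it with an empty tmpfs.
            set -- --tmpfs "$target" "$@"
        elif [ -e "$target" ]; then
            # Regular file: cover it with /dev/null, read-only.
            set -- --ro-bind /dev/null "$target" "$@"
        fi
        # Missing paths are skipped so bwrap never has to create them.
    done

    # Base mounts go first: bwrap applies options in order, so the
    # masks above must come after the bind of / to take effect.
    set -- --bind / / --proc /proc --dev /dev "$@"

    # BWRAP can be overridden (for example with echo) to inspect the
    # command line without launching the sandbox.
    "${BWRAP:-bwrap}" "$@"
)
```

Inside the sandbox `~/.ssh` appears as an empty directory and `~/.netrc` as an empty file; anything not on the list is still readable.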

I believe many of these agents will not operate on files included in a gitignored file, which helps with sensitive assets like .env files. Definitely worth confirming. Either way, don’t open such a file and ask the agent questions about it. It’ll likely process it either way.

Gemini CLI won't, but will if you ask it to... so what are the guarantees that one of its internal thinking steps doesn't do the same?