Pi supports restricting the set of tools given to an agent. For example, one of the examples in pi --help is:

    # Read-only mode (no file modifications possible)
    pi --tools read,grep,find,ls -p "Review the code in src/"

Otherwise, "yolo mode" inside a sandbox is perfectly reasonable. A basic bubblewrap configuration can expose read-only system tools and have a read/write project directory while hiding sensitive information like API keys and other home-directory files.