Description
Problem
nightshift task run uses the current working directory as the project path when -p is not specified. If a user runs the command from their home directory (~), the AI agent scans the entire home directory — including sensitive files, credentials, SSH keys, and unrelated projects.
There's no guardrail to prevent this. The registered project paths in the global config are ignored by task run when determining the working directory.
Observed behaviour
cd ~
nightshift task run security-footgun --provider claude
# Project: /Users/username <-- scans entire home directory
Expected behaviour
nightshift task run should either:
- Refuse to run if the resolved project path is a home directory, system root, or other sensitive path (e.g. /, /Users/username, /home/username, /tmp)
- Warn and require confirmation before scanning outside a registered project path from the config
- Fall back to a registered project path from the global/project config instead of blindly using cwd
Option 1 is the safest default. A blocklist of dangerous paths ($HOME, /, /tmp, /etc, /var) with a --force override would prevent accidental exposure without blocking intentional use.
Privacy concern
When running with --dangerously-skip-permissions or --dangerously-bypass-approvals-and-sandbox, the AI agent has unrestricted filesystem access. Pointing it at a home directory means it can read and potentially reference credentials, API keys, SSH keys, browser data, and other sensitive material in its output (PRs, reports, logs).
Environment
- nightshift: v0.3.1
- macOS 15.6
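
A sketch of the option 1 guard proposed above, written in Go as an added example; it is not nightshift's code, and checkProjectPath and its helpers are hypothetical names. It goes slightly beyond the blocklist in the issue by also refusing any ancestor of the home directory (such as /Users or /home), and it resolves symlinks first so that /tmp and /private/tmp on macOS compare equal.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// canonical makes paths comparable: absolute, symlinks resolved, cleaned.
func canonical(p string) string {
	if abs, err := filepath.Abs(p); err == nil {
		p = abs
	}
	if real, err := filepath.EvalSymlinks(p); err == nil {
		p = real
	}
	return filepath.Clean(p)
}

// containsOrEquals reports whether child is parent itself or lies beneath it.
func containsOrEquals(parent, child string) bool {
	rel, err := filepath.Rel(parent, child)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkProjectPath (hypothetical) refuses $HOME, any ancestor of $HOME, and the
// blocklisted system paths unless force is set. Subdirectories are allowed.
func checkProjectPath(project, home string, force bool) error {
	target := canonical(project)
	blocked := home != "" && containsOrEquals(target, canonical(home))
	for _, b := range []string{"/", "/tmp", "/etc", "/var"} {
		blocked = blocked || target == canonical(b)
	}
	if blocked && !force {
		return fmt.Errorf("refusing to use sensitive project path %s (pass --force to override)", target)
	}
	return nil
}

func main() {
	cwd, _ := os.Getwd()
	home, _ := os.UserHomeDir()
	if err := checkProjectPath(cwd, home, false); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1) // stop before any agent is started
	}
	fmt.Println("Project:", cwd)
}
```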