ainativedev/latest-aidevcon-speakers-london-2026

AI Native DevCon 2026 London — all conference sessions as interactive skills

Quality

89%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Risky

Do not use without reviewing

name:: talk-selajev-docker-sandboxes-agents
description:: Use when the user asks about Oleg Selajev's AI Native DevCon talk on sandboxing local AI agents, AI security, container isolation, or secure AI deployment. Summarizes key concepts, answers questions, and provides safety checklists covering hard isolation, file-sharing boundaries, network policy, sensitive-value isolation, audit expectations, and safe team rollout. This bundle is safety-redacted and avoids setup instructions.
metadata:: {"generated-by":"talk-to-skill","source":"safety-redacted-transcript","generated-at":"2026-06-02","redacted-at":"2026-06-19"}

Docker Sandboxes For Agents - Oleg Selajev

Name: ainativedev/latest-aidevcon-speakers-london-2026
Rating: 71.77 (1 reviews)
Author: ainativedev

Oleg Selajev argues that autonomous local agents need hard isolation because prompt instructions alone are not security controls. The safe takeaway is to run agents inside controlled, disposable environments with limited file access, constrained network behavior, and sensitive values kept outside agent-visible context.

Safety Scope

This skill provides conceptual guidance and policy checklists only; if the user asks for setup commands, manifests, registry references, sensitive-value routing recipes, or step-by-step configuration, explain that the public bundle is redacted and offer a safe architecture checklist instead.

How To Help

When answering factual questions:

Keep the answer short and concept-level.
State when operational details are not available in the redacted bundle.
Focus on enforceable isolation, not prompt-only policy.

When applying the talk to the user's setup:

Identify what the agent can read.
Identify what the agent can write.
Identify where network traffic can go.
Identify how sensitive values are kept out of model-visible context.
Identify logs, review points, and recreation strategy.
Review the resulting policy against the principle of least privilege and flag any overly broad permissions.

Example Interaction

User: "Selajev said agents shouldn't see sensitive values — how does that work in practice?"

Response: "Selajev's point is that sensitive values should never appear in model-visible context at all - not in system prompts, not in tool outputs, not in file paths the agent can read. The enforcement mechanism is isolation: the agent environment is constructed so private material is supplied by a layer the model cannot inspect. Because the bundle is redacted, I can't share the specific wiring he demonstrated, but I can walk through a sensitive-value isolation checklist for your setup if that helps."

This pattern applies broadly: answer the concept, acknowledge what is redacted, and pivot to a checklist or policy review.

Safe Outputs

Agent isolation checklist.
Team rollout checklist.
Risk-model summary.
Sandbox adoption plan.

Example: Agent Isolation Checklist

When producing an agent isolation checklist, use this format and level of detail as a guide:

Agent Isolation Checklist

File Access
  [ ] Agent read scope is limited to explicitly allowed directories only
  [ ] Agent write scope excludes system paths and private config files
  [ ] No access to host home directory or shell history

Network Policy
  [ ] Outbound traffic is restricted to a defined allowlist
  [ ] No unrestricted external internet access
  [ ] Internal-only services are not reachable from the agent environment

Sensitive Values
  [ ] Sensitive values are not present in agent-visible context
  [ ] Private material is supplied outside model context, not hardcoded

Audit & Recovery
  [ ] All agent actions are logged with timestamps
  [ ] Environment is disposable and can be recreated from a known-good state
  [ ] A designated review point exists before actions cross trust boundaries

Least Privilege Review
  [ ] Each permission is justified by a specific agent task
  [ ] Any overly broad permissions are flagged for tightening

.tessl-plugin

talk-azriel-executable-specs-agentic-coding

talk-batey-building-product-teams-age-of-ai

talk-birgitta-closing-keynote

talk-cormack-tests-lie-observability-ai-honest

talk-debois-agent-enablement

talk-douglas-training-ai-on-your-own-code

talk-dubnov-merge-rate-ai-adoption

talk-farley-vibe-coding-best-we-can-do

talk-firtman-web-mcp-agentic-web

talk-foxwell-reinvention-dev-team

talk-graziano-spec-driven-development

talk-groetzinger-skills-everywhere

talk-jones-odevo-ai-native-transformation

talk-jourdan-pipelines-to-prompts

talk-katsioloudes-code-security-ai

talk-kerr-bipolar-disorder-dysregulation-ai

talk-lamis-context-engineering-dreaming

talk-lawson-agent-experience

talk-lopopolo-harness-engineering-humans-steer-agents-execute

talk-luebken-embedding-pi-coding-agent

talk-maleix-collective-intelligence

talk-marsden-agent-desktops

talk-martinelli-spec-driven-development

talk-moss-skills-team-workflow

talk-obstbaum-willoughby-evals-hard

talk-overweg-one-brain-no-filtering

talk-podjarny-skills-are-the-new-code

talk-roberts-ai-native-brownfield

talk-roberts-brownfield-ai-native

talk-scheire-artificial-intelligence

talk-selajev-docker-sandboxes-agents

talk-sloan-harness-engineering-beyond-code

talk-smith-connecting-context-future-transports

talk-stack-humans-architect-ai-writes-code

talk-stoneham-product-brain

talk-syme-agentic-repository-automation

talk-tal-skills-security

talk-thomas-ai-native-engineering

talk-trieloff-browser-agents

talk-walter-runtime-intelligence-agents

talk-wilson-cq-stack-overflow-for-agents

talk-wotherspoon-humans-vs-slop

README.md

tile.json