I don’t understand why these agents lack a “second level” agent that oversees their commands and is able to veto anything dangerous Even models from several years ago would be able to understand whether an “rm -rf ~” made sense in the context of the task in hand, and would understand the consequences sufficiently to be wary of it.