Safeguard yourself: do backups (yes, now!), don't run random code on production systems. If you must run untrusted pipelines, you can bubblewrap them in a bwrap sandbox - here is an example (works transparently with conda envs & system tools): gist.github.com/vmikk/08212e...
Run shell commands in a lightweight sandbox (using `bubblewrap`) - sbx.sh
