Validate the agent's behavior in a safe environment before trusting it with production code. Be specific, not vague. "Clean up this project" is dangerous. "Delete all .pyc files in the src/ directory" ...