Perfect is the enemy of good.
Don't just rawdog a coding agent because a perfectly viable solution (containers) takes an hour or two of work to set up.
There's a world of difference between "it can scan your network" and "I just uploaded my private SSH keys to the cloud".
Setting up a separate unprivileged Linux user account takes all of like a minute. Assuming that the $HOME for your daily-driver account isn't world-readable, [0] that gets you the majority of the isolation that containerization provides and doesn't expose you to any bugs in the containerization management daemon (or the containerization code, itself) that may still be present even after all these years.
These things are usually TUIs or CLIs, so you don't need to bother with giving them xauth access or whatever the Wayland equivalents for that are.
[0] If it is, you might consider fixing that immediately.
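The check behind footnote [0], as an added example that is not part of the original comment: it generalizes "is $HOME world-readable" to "can an unrelated local account reach this file", walking every directory on the path. The function names `other_digit` and `other_can_read` are hypothetical; the script reads mode bits only, so it ignores ACLs, assumes the agent account shares no group with the owner, and needs GNU or BusyBox `stat`.

```sh
#!/bin/sh
# Added example (not from the thread). Mode bits only: ACLs and group
# membership are ignored, so this assumes the agent account shares no
# group with the file's owner. Requires GNU or BusyBox stat.

# Print the "other" permission digit (0-7) of a path.
other_digit() {
    od_mode=$(stat -c '%a' -- "$1") || return 2
    # Keep only the last octal digit, e.g. 1777 -> 7, 700 -> 0.
    printf '%s\n' "${od_mode#"${od_mode%?}"}"
}

# Succeed (exit 0) if an unrelated local user could read FILE.
# Usage: other_can_read FILE [TOP]
# Ancestors are checked up to and including TOP (default: /).
other_can_read() {
    ocr_top=${2:-/}
    ocr_d=$(other_digit "$1") || return 2
    # The file itself needs other-read (4).
    [ $(( ocr_d & 4 )) -ne 0 ] || return 1
    ocr_dir=$(dirname -- "$1")
    while :; do
        ocr_d=$(other_digit "$ocr_dir") || return 2
        # Every ancestor directory needs other-search (1) to be traversed.
        [ $(( ocr_d & 1 )) -ne 0 ] || return 1
        if [ "$ocr_dir" = "$ocr_top" ] || [ "$ocr_dir" = "/" ]; then
            return 0
        fi
        ocr_dir=$(dirname -- "$ocr_dir")
    done
}

# Report on a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    if other_can_read "$1"; then
        echo "EXPOSED: $1 is readable by other local accounts"
    else
        echo "ok: $1 is not reachable via 'other' permission bits"
    fi
fi
```

A single directory without the other-search bit anywhere on the path is enough to block access, which is why a 0700 $HOME protects a 0644 key file inside it.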