I get the concern, however. But, short of nuking the actual .git directory, the upsides are worth it, in my opinion. Cursor offers filtering via a mini-prompt in its YOLO mode, so does Windsurf. The idea is killer, it allows it to progressively build and also correct its own errors. e.g. Cursorrules can be told to run tests after a feature is generated, or typecheck, or some other automated feedback-loop your codebase offers. That's pretty neat!

Better yet, setup a dev container first. Then, at most, your local DB is the only concern. If still paranoid (as you should be), suspend your network while the agent is working. :D