I'd be curious if you could intentionally direct it to do something malicious. While not guarantee, if it's not capable of violating your trust intentionally it hopefully reduces the likelihood of something inadvertent happening.

Like, install and run it in a docker container and then ask it to escape the container and write to a temp file on the host.