I generally find it worth it for the simple risk that you may end up breaking stuff without anything malicious on behalf of the site.
E.g. cut and paste a command and get a linebreak in the wrong location and the "rm -rf /var/tmp/foo" turns into "rm -rf /var/". Fun times.
These days I'm more and more often just spinning up temporary containers as well. Not so much for security as to avoid making a mess of my environment with all the stuff I'm testing. So trivial to start out with a "docker run --rm -t -i -v /some/suitable/host/dir:/mnt ubuntu /bin/bash -l" or similar to get a fresh container with a directory I can dump anything I decide I want to keep in.
So is it safe to cut-and-paste that line there ;) ?
I type very fast, but if I see a 100+ character line with a whole bunch of flags and whatnot, the chances of introducing a fatality while re-typing it (was that / var or /var?) are quite large.
And of course anything that involves 'rm' or other nice and friendly commands gets an extra eyeball but at some point you have to decide to pull the trigger or not.
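The paste failure discussed in this thread, as an added example that is not part of any comment: a POSIX shell function that vets clipboard text before it is run. The name `check_paste` and the "shallow path" rule (a recursive `rm` aimed at `/` or a single top-level directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example. check_paste reads candidate clipboard text on stdin,
# prints one finding per line, and returns 1 if anything was flagged.
check_paste() {
    cp_text=$(cat; printf x)   # sentinel keeps trailing newlines intact
    cp_text=${cp_text%x}
    cp_rc=0
    cp_nl='
'
    # A line break means the shell executes whatever precedes it immediately.
    case $cp_text in
        *"$cp_nl"*) echo "line break in pasted text"; cp_rc=1 ;;
    esac
    # Other control characters (CR, ESC, ...) do not belong in a command.
    if printf '%s' "$cp_text" | LC_ALL=C tr -d '\n\t' |
            LC_ALL=C grep -q '[[:cntrl:]]'; then
        echo "control character in pasted text"; cp_rc=1
    fi
    # Per line: a recursive rm whose target is "/" or one directory deep.
    if ! printf '%s\n' "$cp_text" | awk '
        {
            in_rm = 0; recursive = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "rm") { in_rm = 1; recursive = 0; continue }
                if (!in_rm) continue
                if ($i ~ /^-[A-Za-z]*[rR]/ || $i == "--recursive") {
                    recursive = 1; continue
                }
                if (recursive && $i ~ "^/([^/]+/?)?$") {
                    print "recursive rm on shallow path: " $i; bad = 1
                }
            }
        }
        END { exit bad + 0 }'; then
        cp_rc=1
    fi
    return $cp_rc
}

# Constructed sample: the command from the comment, split by a stray line break.
printf 'rm -rf /var/\ntmp/foo\n' | check_paste || true
```

Feed it the clipboard contents (for example from `xclip -o` or `pbpaste`) and only run the text if it returns 0.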