diff --git a/claude.sh b/claude.sh
index 62aad47..a9267e9 100644
--- a/claude.sh
+++ b/claude.sh
@@ -44,8 +44,44 @@ load_env() {
 
 # ─── Workspace volume resolution ──────────────────────────────────────────────
 # Mounts the current working directory as /workspace inside the container.
+# Refuses to mount the home directory or system directories.
 workspace_flag() {
- echo "--volume $(pwd):/workspace:z"
+ local cwd
+ cwd="$(pwd)"
+
+ # Exact-match blocklist — mounting these exposes too much of the host
+ local -a exact_blocked=(
+ /
+ "$HOME"
+ /root
+ /home
+ )
+
+ # Prefix blocklist — these and any subdirectory are system internals
+ local -a prefix_blocked=(
+ /bin /sbin /lib /lib64
+ /etc /usr /var
+ /proc /sys /dev
+ /boot /run
+ )
+
+ for dir in "${exact_blocked[@]}"; do
+ if [[ "$cwd" == "$dir" ]]; then
+ error "Refusing to mount $cwd as workspace — too broad."
+ error "cd into a project subdirectory first."
+ exit 1
+ fi
+ done
+
+ for dir in "${prefix_blocked[@]}"; do
+ if [[ "$cwd" == "$dir" || "$cwd" == "$dir/"* ]]; then
+ error "Refusing to mount $cwd as workspace — system directory."
+ error "cd into a project subdirectory first."
+ exit 1
+ fi
+ done
+
+ echo "--volume ${cwd}:/workspace:z"
 }
 
 # ─── Compose wrapper ──────────────────────────────────────────────────────────
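Review bot: The blocklist in workspace_flag compares the logical path from `pwd`, so a working directory reached through a symlink is checked under its link name while the container runtime would typically mount the resolved target; resolving first with `cwd="$(pwd -P)"` closes that gap, and `$HOME` needs the same normalisation, since a trailing slash or a symlinked home will not match the exact comparison. The function still returns its flag on stdout, so it is presumably called inside a command substitution, where `exit 1` ends only the subshell; the caller is outside this hunk and should be checked to confirm it stops on a non-zero status rather than continuing with no volume flag. The loop variable should be declared with `local dir` so it does not leak into the script's global scope. The exact match on `$HOME` also leaves credential directories below it (for example `~/.ssh`) mountable, with SELinux relabelling via `:z`, which deserves either a prefix rule or a comment stating that this is accepted.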