diff --git a/nanobot/agent/tools/shell.py b/nanobot/agent/tools/shell.py
index dd3a44335..77803e8b3 100644
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@@ -183,7 +183,16 @@ class ExecTool(Tool):
                     p = Path(expanded).expanduser().resolve()
                 except Exception:
                     continue
-                if p.is_absolute() and cwd_path not in p.parents and p != cwd_path:
+
+                from nanobot.config.paths import get_runtime_subdir
+                media_path = get_runtime_subdir("media").resolve()
+
+                if (p.is_absolute() 
+                    and cwd_path not in p.parents 
+                    and p != cwd_path
+                    and media_path not in p.parents
+                    and p != media_path
+                ):
                     return "Error: Command blocked by safety guard (path outside working dir)"
 
         return None