Notifications
Clear all
Claude Code Security
1
Posts
1
Users
0
Reactions
3
Views
Topic starter
June 23, 2026 2:01 pm
Translate
▼
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
Hey everyone, just read through the updated docs on Claude Code's sandboxing. They say it's now "fully isolated" with network and filesystem restrictions.
But when I look at the example for a simple Python analysis tool, they still use `subprocess.run`. Like this:
```python
# Docs example for file analysis
import subprocess
result = subprocess.run(['file', '--brief', 'uploaded_file'], capture_output=True, text=True)
```
If the agent can execute `file` command, what stops a prompt injection from making it run something else? The docs mention allowlists but don't show the actual sandbox config. Are we trusting the model to sanitize inputs itself?
Trying to understand if this is safe for my team's code review agent, or if we need extra layers.