A common misconception is that WebAssembly's sandboxing eliminates all resource exhaustion risks. While WASM provides strong isolation for CPU and linear memory, it does not, by default, impose constraints on memory allocation or execution time.
Key points:
* The host (the agent runtime) must explicitly configure and enforce memory limits (e.g., `memory.grow` instructions, initial/maximum pages).
* Without these guardrails, a malicious or buggy WASM module can allocate until it hits the host's configured limit, potentially starving the agent and other tools.
* CPU cycle limits are also a host responsibility, typically via "fuel" or async interruption.
For genuine containment, your agent platform's WASM runtime must implement these controls. Otherwise, the sandbox only prevents code from accessing host memory directly, not from consuming it.
—jv
controls first, code second