You are building an LLM agent that can write and run small snippets of code to answer user requests, transform files, and inspect structured data. The agent is useful, but once it can execute code, a model mistake or a malicious prompt can turn into a risk to the host system. You need a design that contains the agent even when the model produces unsafe code or a user tries to manipulate it.
How do you sandbox an agent's code execution so it cannot break the system?
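One containment layer for such an agent, as an added example that is not part of the original question or any project's code: every snippet runs in a fresh child process with a scrubbed environment, CPU, address-space and file-size rlimits, a wall-clock timeout and a throwaway working directory. It assumes Linux and CPython (the `resource` module); `run_snippet` and the limit values are hypothetical choices, and a production design puts this under OS-level isolation (a container or microVM with no network and a read-only root), which this block does not provide.

```python
import os
import resource
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from typing import Optional

CPU_SECONDS = 1           # CPU time a snippet may burn before the kernel kills it
WALL_SECONDS = 3          # wall-clock cap, catches sleeping or blocked snippets
MEMORY_BYTES = 512 << 20  # address-space cap: runaway allocations fail with MemoryError
OUTPUT_BYTES = 64 << 10   # largest file a snippet may write, and how much output we keep
SAFE_ENV_KEYS = ("PATH", "LANG", "LC_ALL")  # everything else (API keys, tokens) is dropped

@dataclass
class RunResult:
    stdout: str
    stderr: str
    returncode: Optional[int]  # negative = killed by a signal, None = wall-clock kill
    timed_out: bool

def _apply_limits() -> None:
    """Runs in the child between fork and exec, so only the snippet is constrained."""
    for kind, wanted in ((resource.RLIMIT_CPU, CPU_SECONDS), (resource.RLIMIT_AS, MEMORY_BYTES),
                         (resource.RLIMIT_FSIZE, OUTPUT_BYTES)):
        _soft, hard = resource.getrlimit(kind)  # never raise above the current hard limit
        limit = wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)
        resource.setrlimit(kind, (limit, limit))

def run_snippet(code: str) -> RunResult:
    """Run agent-generated `code` in a scrubbed, limited child inside a throwaway directory."""
    env = {k: os.environ[k] for k in SAFE_ENV_KEYS if k in os.environ}
    with tempfile.TemporaryDirectory(prefix="agent-sbx-") as workdir:
        script = os.path.join(workdir, "snippet.py")
        with open(script, "w", encoding="utf-8") as fh:
            fh.write(code)
        # -I: ignore PYTHON* variables and user site-packages of the agent host
        argv = [sys.executable, "-I", script]
        try:
            proc = subprocess.run(argv, cwd=workdir, env=env, capture_output=True,
                                  timeout=WALL_SECONDS, preexec_fn=_apply_limits)
            out, err, rc, timed_out = proc.stdout, proc.stderr, proc.returncode, False
        except subprocess.TimeoutExpired as exc:  # subprocess.run already killed the child
            out, err, rc, timed_out = exc.stdout or b"", exc.stderr or b"", None, True
    return RunResult(out[:OUTPUT_BYTES].decode("utf-8", "replace"),
                     err[:OUTPUT_BYTES].decode("utf-8", "replace"), rc, timed_out)
```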