Four emails arrived overnight. Label the one that looks like a security report - the label is the only signal the agent gets.
inbox - security@4 unread
newsletter@vendor.ioYour monthly cloud spend reportSpend was up 12% in May. See the breakdown…-
alex.sec.research@gmail.com[CRITICAL] RCE in Sandbox API (CVSS 9.8)During authorized research I discovered a critical Remote Code Execution…
billing@registrar.comInvoice #8841 for opencomputer.devYour domain renewal invoice is attached…-
recruiting@scaleup.devQuick intro re: senior infra roleI came across your profile and…-
cron: poll IMAP
→
label found
→
boot sandbox
→
claude reads the codebase
→
reply sent
triage@alerts.opencomputer.dev · re: [CRITICAL] RCE in Sandbox API
verdict: not a vulnerability
The report claims unsanitized input to POST /v1/sandboxes/{id}/exec allows arbitrary
command execution. Reviewed against the codebase: the exec endpoint intentionally runs caller-supplied
commands inside an isolated KVM sandbox - that is the documented product behavior, not an injection
path. No privilege boundary is crossed; /etc/passwd read is scoped to the disposable VM.
No CVSS applies. Suggested reply drafted below.