skill-comply
Audited by Socket on Mar 23, 2026
1 alert found:
Security: This module is not itself obfuscated or covertly malicious, but it performs dangerous actions: it executes arbitrary setup commands from scenario.setup_commands and runs a third-party 'claude' CLI with its sandbox directory and broad allowed tools (including Bash). If Scenario inputs or the 'claude' binary/output are untrusted or compromised, an attacker could achieve code execution, file read/write, or data exfiltration from the sandbox and potentially beyond (depending on other system permissions). Treat this module as high-risk infrastructure: only run it with fully trusted Scenario objects, a trusted 'claude' binary, and on systems where executing the provided commands and giving the assistant Bash/Read/Write is acceptable. Consider stronger sandboxing (containers, unprivileged users, seccomp, mount namespaces), placing SANDBOX_BASE in a private location, and limiting allowedTools or validating setup commands before execution.