modal-deployment

This document is API documentation and examples for a sandboxing system. There is no malicious code in the fragment itself. However, the API exposes powerful sinks (process execution, filesystem, network, secrets, mounted volumes, port tunnels) that, if misused or if the sandbox isolation is incomplete/compromised, could lead to data exfiltration, secret leakage, or execution of malicious payloads. The examples include both safe patterns (block_network, timeouts, resource limits, try/finally termination) and less-restricted patterns (exposed tunnels, allowed CIDR, secrets/volumes). Review of implementation (not present) is required to assess actual security; treat the API as high-risk if used with untrusted inputs without recommended mitigations.