/sandboxed · sink: SandboxedEnvironment + over-privileged registered global
Sandbox blocks the textbook RCE chain. A registered global ruins it.
The textbook SSTI chain ({{''.__class__.__mro__...}}) is blocked. But the app registered a global called `dump_diagnostics` that leaks the full app config. Call {{ dump_diagnostics() }} and read the VULNLAB_SSTI_SANDBOXED entry. The lesson: a sandbox can't reason about the side effects of helpers you expose to it.