Contained environment being? What do you mean by contained environment specifically on say, Linux?

Must be protected from this though:

> Snowflake Cortex (2025): Prompt injection through a data file caused an agent to disable its own sandbox, then execute arbitrary code. The agent reasoned that its sandbox constraints were interfering with its goal, so it disabled them.