AGENT_CODE_EXECUTION
Verify AI agent code execution is sandboxed with resource limits, output sanitization, and no arbitrary eval patterns.
Framework Mappings
OWASP Agentic ASI05 — Unexpected Code Execution (RCE)
Agent Frameworks Scanned
Claude Code, LangChain, CrewAI, AutoGen
Evaluation Facets
01 Sandbox Isolation
Required. Weight: 0.35
Pass: Code execution in Docker, Pyodide, seccomp, or sandbox
Fail: Unsandboxed execution (use_docker: False, allow_dangerous_code)
02 Resource Limits
Required. Weight: 0.25
Pass: Timeout and/or memory limits configured
Fail: No resource limits on execution
03 Output Sanitization
Weight: 0.25
Pass: Output parsers or PII filters on execution results
Fail: No output filtering
04 No Arbitrary Eval
Weight: 0.15
Pass: No eval()/exec()/Function()/subprocess patterns
Fail: Dangerous eval patterns found in agent code
Remediation Steps
1. Sandbox all code execution in containers or restricted runtimes
2. Configure timeout and memory limits for execution
3. Add output sanitization to filter sensitive data from results
4. Remove or replace dangerous eval patterns
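
A sketch of how facets 01 and 04 can be checked on Python agent code and combined with the listed weights. This is an added example, not the scanner's own code. The aggregation rule in score(), the exact failing spellings in UNSANDBOXED, and the sample source are assumptions.

```python
import ast
import re

# Weights and "Required" flags are the ones listed for the four facets above.
FACETS = {"sandbox_isolation": (0.35, True), "resource_limits": (0.25, True),
          "output_sanitization": (0.25, False), "no_arbitrary_eval": (0.15, False)}

# Assumed spellings of the failing settings named under Sandbox Isolation.
UNSANDBOXED = re.compile(
    r"""use_docker["']?\s*[:=]\s*False|allow_dangerous_code["']?\s*[:=]\s*True""")

def find_eval_calls(source):
    """Return sorted (line, name) for eval/exec builtins and subprocess.* calls."""
    hits = []
    for node in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)):
        f = node.func
        if isinstance(f, ast.Name) and f.id in ("eval", "exec"):
            hits.append((node.lineno, f.id))
        elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
              and f.value.id == "subprocess"):
            hits.append((node.lineno, "subprocess." + f.attr))
    return sorted(hits)

def find_unsandboxed_flags(text):
    """Return the failing sandbox settings found in config or source text."""
    return [m.group(0) for m in UNSANDBOXED.finditer(text)]

def score(results):
    """Assumed rule: sum weights of passed facets; a failed required facet fails the control."""
    total = round(sum(w for name, (w, _) in FACETS.items() if results[name]), 2)
    required_ok = all(results[name] for name, (_, req) in FACETS.items() if req)
    return total, required_ok

# Constructed sample of agent code; not taken from any real project.
SAMPLE = '''
import subprocess
code_execution_config = {"use_docker": False}
def run(snippet, model):
    model.eval()                 # method call, not the builtin
    note = "never call eval(x)"  # string literal, not a call
    eval(snippet)
    subprocess.run(snippet, shell=True)
'''

def evaluate_sample():
    results = {"sandbox_isolation": not find_unsandboxed_flags(SAMPLE),
               "resource_limits": True, "output_sanitization": True,  # assumed passing
               "no_arbitrary_eval": not find_eval_calls(SAMPLE)}
    return score(results)
```

Walking the syntax tree keeps model.eval() and the string literal from being reported, which a plain text search for "eval(" would flag. Aliased imports such as "from subprocess import run" are not resolved here and need separate handling.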