The Glass Sandbox – The Complexity of Python Sandboxing
ID: b2242b27-844a-5ce3-ac94-29f92d940264
STIX ID: report--b2242b27-844a-5ce3-ac94-29f92d940264
Feed Name: Checkmarx Zero
**Executive summary:** This article demonstrates how Python's object hierarchy and dunder attribute traversal can defeat scope-based sandboxes, using pandas.eval() as a concrete example to achieve remote code execution; it warns that blocklists are brittle and advocates avoiding eval-like constructs, applying OS-level isolation/segmentation, and using SAST and safer parsers to mitigate risk.