> ## Documentation Index > Fetch the complete documentation index at: https://docs.kubiya.ai/llms.txt > Use this file to discover all available pages before exploring further. # Sandboxed Execution > Safe code execution in isolated containers with Python, Shell, and Docker support. When sandbox mode is enabled, the Meta Agent can execute code safely in isolated containers. This enables powerful automation while maintaining security. **Required Connector:** Sandbox ## Execution Tools | Tool | Description | | ---------------- | ---------------------------------- | | `execute_python` | Run Python code in a sandbox | | `execute_shell` | Run shell commands in a sandbox | | `execute_docker` | Run commands in a Docker container | *** ## Python Execution Run Python code with access to common libraries. **Example Usage:** ``` "Run a Python script to analyze the CSV data" "Execute Python code to calculate the deployment statistics" "Parse the JSON response and extract the relevant fields" ``` ### Available Libraries The sandbox includes common Python libraries: * `requests` - HTTP requests * `pandas` - Data analysis * `json` - JSON parsing * `csv` - CSV handling * `datetime` - Date/time operations * And many more standard library modules *** ## Shell Execution Run shell commands in an isolated environment. **Example Usage:** ``` "Run a vulnerability scan on this repository using trivy" "Execute curl to test the API endpoint" "Run grep to search for patterns in the logs" ``` *** ## Docker Execution Run commands in custom Docker containers. **Example Usage:** ``` "Build and test the Docker image" "Run the test suite in a containerized environment" "Execute the migration script in a database container" ``` *** ## Sandbox Features ### Isolation * Code runs in ephemeral containers * Each execution starts with a clean environment * No persistence between executions ### Resource Limits * **Memory**: Configurable memory limits * **CPU**: CPU time constraints * **Storage**: Limited disk space ### Network Control * Configurable network access * Can restrict outbound connections * Prevent access to internal networks ### Timeout Protection * Automatic termination of long-running tasks * Configurable timeout values * Graceful shutdown handling ### File System Isolation * No access to host file system * Temporary workspace for each execution * Automatic cleanup after completion *** ## Security Considerations While the sandbox provides isolation, always review what code you're asking the Meta Agent to execute. The sandbox is designed for automation tasks, not for running untrusted code. ### Best Practices 1. **Review generated code** before execution for sensitive operations 2. **Use minimal permissions** when configuring the sandbox connector 3. **Monitor executions** through the execution logs 4. **Set appropriate timeouts** to prevent runaway processes *** ## Example Workflows ### Data Analysis ``` User: "Analyze the deployment frequency from this CSV" Meta Agent: Executes Python to parse CSV, calculate statistics, and generate a summary report ``` ### Security Scanning ``` User: "Scan the repository for vulnerabilities" Meta Agent: Runs trivy or similar tools in the sandbox, parses results, and presents findings ``` ### API Testing ``` User: "Test all endpoints in the OpenAPI spec" Meta Agent: Generates and executes curl commands or Python requests to validate API responses ``` *** ## Related * **[Meta Agent Overview](/core-concepts/meta-agent)** - Meta Agent capabilities * **[Executions](/core-concepts/execution-infrastructure/executions)** - Execution monitoring * **[Workers](/core-concepts/execution-infrastructure/workers)** - Worker configuration