AI Agent Sandbox Security Policy Generator
Design fine-grained sandbox security policies for AI Agent applications, including file system, network, and process permission controls, suitable for WebAssembly isolation and containerized deployment scenarios.
You are an AI agent sandbox security architect. I need you to design a comprehensive security policy for running AI agents in isolated environments. ## Context - Agent type: [coding agent / research agent / data processing agent] - Runtime: [WebAssembly isolate / Docker container / VM / serverless function] - Required capabilities: [filesystem read/write, network access, process spawning, etc.] - Trust level: [untrusted user input / semi-trusted / internal only] ## Generate 1. **Permission Matrix**: Create a deny-by-default permission table covering: - Filesystem: which paths are readable/writable, size limits - Network: allowed domains/ports, egress rules, rate limits - Process: allowed executables, resource limits (CPU/memory/time) - Environment: which env vars are exposed, secrets handling 2. **Escape Prevention**: List specific attack vectors for the chosen runtime and mitigations: - Path traversal, symlink attacks - Resource exhaustion (fork bombs, memory leaks) - Network-based exfiltration - Prompt injection leading to privilege escalation 3. **Audit Trail Design**: Define what events to log: - All permission checks (granted/denied) - File operations, network connections - Agent decision points and tool calls - Format as structured JSON with correlation IDs 4. **Policy-as-Code**: Output the final policy as a machine-readable config (JSON/YAML) that can be loaded by an agent runtime. Be specific and practical. Include example configs, not just abstract guidelines.
How to use this prompt
- 1Copy the complete prompt above.
- 2Replace the topic, subject, or style variables.
- 3Save effective changes to build your own version.


