A sandboxed session could use cross-agent sessions spawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement.

In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime.

Spawn-time sandbox inheritance is now enforced: if the requester is sandboxed and the resolved child runtime would be unsandboxed, spawn is rejected.