[Security] Sandbox escape via ctypes in LocalPythonExecutor

[rishavkumarthapa01-sketch]

Summary

LocalPythonExecutor maintains a DANGEROUS_MODULES blocklist but ctypes
is absent, allowing direct libc.system() calls that bypass all sandbox
restrictions.

Vulnerable code

local_python_executor.py L130-L141 — ctypes not in DANGEROUS_MODULES

Suggested fix

Add ctypes to DANGEROUS_MODULES:

DANGEROUS_MODULES = [
    "builtins", "io", "multiprocessing", "os", "pathlib",
    "pty", "shutil", "socket", "subprocess", "sys",
    "ctypes",  # add this
]

Reported via

huntr.com bug bounty program (report pending review)

[rishavkumarthapa01-sketch]

Note: This was reported via huntr.com bug bounty program on Mar 17 2026 before
this public issue was filed. Huntr has notified the huggingface/smolagents team.

[shravanandoria]

can you assign this to me, I would like to work on this issue

[rishavkumarthapa01-sketch]

This issue was reported via huntr.com bug bounty program on March 17, 2026. The fix should not be submitted as a standalone PR until the bounty process is complete. Please coordinate with the Huntr team first.