Change Sandboxed Container Code Execution priority from P2 to P5 #492
amalmurali47 wants to merge 1 commit into master from
As discussed internally, this change reflects a more appropriate classification related to the fact that in a typical implementation, AI Agents are Sandboxed in order to provide a defence-in-depth strategy and thus if RCE is achieved, no sensitive information or commands can be executed to establish an internal foothold. In order for a researcher to demonstrate a valid finding and progress beyond this category, they must show evidence that they have escaped the local Sandbox environment and that either commands are executed on backend infrastructure or the disclosure of sensitive information. In short, I am in favour of this change and it will better help reflect the threat landscape. @mjim-bc If any, what are the implications of previously triaged submissions related to this behaviour?
The outcome on past submissions is what triggered this change being proposed @binbashsu-bugcrowd. No submission for this VRT was able to show a P2 impact so far.
Closes #490
Issue: Resolves #490
CVSS v3 Mapping:
Updated to AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N (default/0.0 score)
CWE Mapping:
No change needed
Remediation Advice Mapping:
No change needed (no existing mapping)
Deprecated Node Mapping (if needed):
Not needed (no ID change, just priority)
Checklist:
CHANGELOG.md and marked it Added/Changed/Removed