diff --git a/PLUGINS.md b/PLUGINS.md
index 97528fde..28193954 100644
--- a/PLUGINS.md
+++ b/PLUGINS.md
@@ -270,3 +270,33 @@ python scripts/validate_plugin.py --plugin plugins/nmap
 
 The validation checks metadata JSON, required fields, checksums, and custom
 parser imports when applicable.
+
+## Per-Plugin Sandbox Overrides
+
+Each plugin's `metadata.json` may include an optional `sandbox` key that
+overrides the global process sandbox defaults for that specific scanner.
+
+```json
+{
+  "id": "example_plugin",
+  ...
+  "sandbox": {
+    "timeout_seconds": 300,
+    "max_memory_mb": 1024,
+    "max_output_bytes": 10485760,
+    "allow_network": true
+  }
+}
+```
+
+| Field | Type | Default | Description |
+| --- | --- | --- | --- |
+| `timeout_seconds` | integer | `120` | Max wall-clock seconds before SIGTERM → 3s grace → SIGKILL. |
+| `max_memory_mb` | integer | `512` | Virtual memory cap in MB; enforced via `RLIMIT_AS` on Linux. |
+| `max_output_bytes` | integer | `5242880` | Max bytes captured from the subprocess stdout/stderr. |
+| `allow_network` | boolean | `true` | Whether the subprocess may make network connections (reserved for future use). |
+
+Only the fields that differ from the global default need to be specified —
+missing fields inherit the global value. Plugins that require longer execution
+windows (e.g. comprehensive nmap scans, sqlmap aggressions) can raise
+`timeout_seconds` to prevent premature termination.
diff --git a/backend/requirements-dev.txt b/backend/requirements-dev.txt
index 179a0020..e780a039 100644
--- a/backend/requirements-dev.txt
+++ b/backend/requirements-dev.txt
@@ -4,3 +4,4 @@ httpx>=0.28.1
 ruff>=0.15.12
 pytest-asyncio>=0.24.0
 anyio>=4.0.0
+trio>=0.27.0
diff --git a/backend/secuscan/config.py b/backend/secuscan/config.py
index a7deae68..f86d4f30 100644
--- a/backend/secuscan/config.py
+++ b/backend/secuscan/config.py
@@ -76,12 +76,18 @@ class Settings(BaseSettings):
 
     trusted_proxies: List[str] = ["127.0.0.1", "::1"]
 
-    # Sandbox
+    # Sandbox — Docker isolation
     docker_enabled: bool = False
-    sandbox_timeout: int = 600  # seconds
+    sandbox_timeout: int = 600  # seconds (legacy, used by _resolve_execution_timeout)
     sandbox_cpu_quota: float = 0.5
     sandbox_memory_mb: int = 512
 
+    # Sandbox — subprocess resource limits
+    sandbox_timeout_seconds: int = 120
+    sandbox_max_memory_mb: int = 512
+    sandbox_max_output_bytes: int = 5_242_880
+    sandbox_allow_network: bool = True
+
     # Task-start payload limits (tunable via env vars)
     task_start_max_body_bytes: int = 64_000       # 64 KB total JSON body
     task_start_max_field_length: int = 1_000      # max chars per string input value
diff --git a/backend/secuscan/executor.py b/backend/secuscan/executor.py
index 44bda2ae..f3986ed7 100644
--- a/backend/secuscan/executor.py
+++ b/backend/secuscan/executor.py
@@ -18,8 +18,9 @@
 from .config import settings
 from .database import get_db
 from .plugins import get_plugin_manager
-from .models import TaskStatus
 from .ratelimit import concurrent_limiter
+from .models import TaskStatus, SandboxConfig
+from .sandbox_executor import sandbox_execute
 from .risk_scoring import compute_risk_score, compute_risk_factors
 
 
@@ -323,28 +324,33 @@ async def execute_task(self, task_id: str):
                 logger.info(f"Executing task {task_id}: {' '.join(command)}")
                 await self._broadcast(task_id, "status", TaskStatus.RUNNING.value)
 
-                # Execute command
                 start_time = time.time()
-                output, exit_code = await self._execute_command(
+                output, exit_code, violation_reason = await self._execute_command(
                     command,
                     task_id,
                     timeout=self._resolve_execution_timeout(inputs),
                 )
                 duration = time.time() - start_time
 
-                # Save raw output
                 raw_path = Path(settings.raw_output_dir) / f"{task_id}.txt"
                 output = redact(output)
                 with open(raw_path, 'w') as f:
                     f.write(output)
 
-                # Some CLI tools use non-zero exit codes for "no result" states while still
-                # producing a complete, parseable report. Let plugin metadata opt into that.
-                final_status, error_message = self._classify_command_result(
-                    plugin=plugin,
-                    output=output,
-                    exit_code=exit_code,
-                )
+                if violation_reason:
+                    status_map = {
+                        "timeout": TaskStatus.TERMINATED_TIMEOUT.value,
+                        "memory_limit": TaskStatus.TERMINATED_MEMORY.value,
+                        "output_limit": TaskStatus.TERMINATED_OUTPUT.value,
+                    }
+                    final_status = status_map.get(violation_reason, TaskStatus.FAILED.value)
+                    error_message = f"Sandbox violation: {violation_reason}"
+                else:
+                    final_status, error_message = self._classify_command_result(
+                        plugin=plugin,
+                        output=output,
+                        exit_code=exit_code,
+                    )
 
                 await db.execute(
                     """
@@ -465,63 +471,22 @@ async def _execute_command(
         self,
         command: list,
         task_id: str,
-        timeout: int = 600
+        timeout: int = 600,
     ) -> tuple:
-        """
-        Execute command in subprocess and stream output.
-
-        Args:
-            command: Command as list
-            task_id: Task identifier for logging
-            timeout: Execution timeout in seconds
-
-        Returns:
-            Tuple of (output, exit_code)
-        """
+        config = SandboxConfig(
+            timeout_seconds=timeout,
+            max_memory_mb=settings.sandbox_max_memory_mb,
+            max_output_bytes=settings.sandbox_max_output_bytes,
+            allow_network=settings.sandbox_allow_network,
+        )
         try:
-            process = await asyncio.create_subprocess_exec(
-                *command,
-                stdout=subprocess.PIPE,
-                stderr=subprocess.STDOUT
-            )
-
-            output_lines = []
-
-            async def read_stream():
-                stdout = process.stdout
-                if stdout is None:
-                    return
-                    
-                while not stdout.at_eof():
-                    line = await stdout.readline()
-                    if line:
-                        decoded_line = line.decode('utf-8', errors='replace')
-                        output_lines.append(decoded_line)
-                        await self._broadcast(task_id, "output", decoded_line)
-
-            try:
-                await asyncio.wait_for(read_stream(), timeout=timeout)
-                await process.wait()
-                return "".join(output_lines), process.returncode if process.returncode is not None else -1
-
-            except asyncio.TimeoutError:
-                process.kill()
-                await process.wait()
-                return "".join(output_lines) + "\nTask timed out", -1
-
-            except asyncio.CancelledError:
-                # Handle task cancellation by killing the subprocess
-                logger.warning(f"Task {task_id} cancelled. Killing process {process.pid}")
-                try:
-                    process.kill()
-                    await process.wait()
-                except Exception as e:
-                    logger.error(f"Error killing process for cancelled task {task_id}: {e}")
-                raise
-
+            stdout, stderr, exit_code, violation_reason = await sandbox_execute(command, config)
+            return stdout, exit_code, violation_reason
+        except asyncio.CancelledError:
+            raise
         except Exception as e:
             logger.error(f"Failed to execute command: {e}")
-            return f"Execution error: {str(e)}", -1
+            return f"Execution error: {str(e)}", -1, None
 
     def _resolve_execution_timeout(self, inputs: Dict[str, Any]) -> int:
         """Resolve per-task process timeout from plugin inputs."""
diff --git a/backend/secuscan/models.py b/backend/secuscan/models.py
index 5d4b52e5..951839b8 100644
--- a/backend/secuscan/models.py
+++ b/backend/secuscan/models.py
@@ -24,6 +24,17 @@ class TaskStatus(str, Enum):
     COMPLETED = "completed"
     FAILED = "failed"
     CANCELLED = "cancelled"
+    TERMINATED_TIMEOUT = "terminated:timeout"
+    TERMINATED_MEMORY = "terminated:memory_limit"
+    TERMINATED_OUTPUT = "terminated:output_limit"
+
+
+class SandboxConfig(BaseModel):
+    """Resource constraints applied to every plugin subprocess execution"""
+    timeout_seconds: int = Field(default=120, description="Max wall-clock seconds before SIGTERM")
+    max_memory_mb: int = Field(default=512, description="Max virtual memory in MB (RLIMIT_AS on Linux)")
+    max_output_bytes: int = Field(default=5_242_880, description="Max bytes captured from stdout/stderr")
+    allow_network: bool = Field(default=True, description="Whether subprocess can make network calls")
 
 
 class PluginFieldType(str, Enum):
@@ -74,6 +85,8 @@ class PluginMetadata(BaseModel):
     dependencies: Optional[Dict[str, List[str]]] = None
     docker_image: Optional[str] = None
 
+    sandbox: Optional[SandboxConfig] = None
+
     checksum: Optional[str] = None
     signature: Optional[str] = None
 
@@ -162,6 +175,14 @@ class PluginListResponse(BaseModel):
     total: int
 
 
+class SandboxViolation(Exception):
+    """Raised when sandbox constraints are violated."""
+
+    def __init__(self, reason: str):
+        super().__init__(reason)
+        self.reason = reason
+
+
 class ErrorResponse(BaseModel):
     """Error response"""
     error: str
diff --git a/backend/secuscan/sandbox_executor.py b/backend/secuscan/sandbox_executor.py
new file mode 100644
index 00000000..ba4e7935
--- /dev/null
+++ b/backend/secuscan/sandbox_executor.py
@@ -0,0 +1,184 @@
+import asyncio
+import logging
+import platform
+from asyncio import subprocess
+from typing import List, Optional, Tuple
+
+from .models import SandboxConfig
+
+logger = logging.getLogger(__name__)
+
+IS_LINUX = platform.system() == "Linux"
+
+CHUNK_SIZE = 64 * 1024
+SIGTERM_GRACE = 3.0
+
+
+def resolve_sandbox_config(plugin_sandbox: Optional[SandboxConfig] = None) -> SandboxConfig:
+    """Merge global settings with optional per-plugin sandbox overrides."""
+    from .config import settings
+    base = SandboxConfig(
+        timeout_seconds=settings.sandbox_timeout_seconds,
+        max_memory_mb=settings.sandbox_max_memory_mb,
+        max_output_bytes=settings.sandbox_max_output_bytes,
+        allow_network=settings.sandbox_allow_network,
+    )
+    if not plugin_sandbox:
+        return base
+    overrides = plugin_sandbox.model_dump(exclude_none=True)
+    return base.model_copy(update=overrides)
+
+
+def _build_preexec_fn(config: SandboxConfig):
+    """Build preexec_fn for Linux that applies RLIMIT_AS."""
+    mem_limit = config.max_memory_mb * 1024 * 1024
+
+    def _apply_limits():
+        import resource
+        resource.setrlimit(resource.RLIMIT_AS, (mem_limit, mem_limit))
+
+    return _apply_limits
+
+
+def classify_memory_violation(
+    exit_code: int,
+    stderr_text: str,
+    rss_bytes: int,
+    limit_bytes: int,
+) -> bool:
+    """Post-mortem heuristic to classify whether failure was caused by memory exhaustion."""
+    if exit_code in (-11, 139):
+        return True
+    if "MemoryError" in stderr_text or "Cannot allocate memory" in stderr_text:
+        return True
+    if rss_bytes >= limit_bytes * 95 // 100 and exit_code != 0:
+        return True
+    return False
+
+
+async def _terminate_process(process):
+    """Graceful SIGTERM -> 3s grace -> SIGKILL escalation. Always reaps."""
+    try:
+        process.terminate()
+    except ProcessLookupError:
+        return
+    try:
+        await asyncio.wait_for(process.wait(), timeout=SIGTERM_GRACE)
+    except asyncio.TimeoutError:
+        try:
+            process.kill()
+        except ProcessLookupError:
+            pass
+        await process.wait()
+
+
+async def _read_stream(stream, buffer, state):
+    """Read from a stream in 64KB chunks, respecting max_output_bytes limit."""
+    while True:
+        chunk = await stream.read(CHUNK_SIZE)
+        if not chunk:
+            break
+        if state["limit_hit"]:
+            break
+        remaining = state["max_bytes"] - state["total_bytes"]
+        if remaining <= 0:
+            state["limit_hit"] = True
+            break
+        if len(chunk) > remaining:
+            chunk = chunk[:remaining]
+            state["limit_hit"] = True
+        buffer.extend(chunk)
+        state["total_bytes"] += len(chunk)
+
+
+async def sandbox_execute(
+    cmd: List[str],
+    config: SandboxConfig,
+) -> Tuple[str, str, int, Optional[str]]:
+    """
+    Execute a subprocess under sandbox resource constraints.
+
+    Returns (stdout_str, stderr_str, exit_code, violation_reason).
+    violation_reason is None on success, or one of
+    "timeout", "memory_limit", "output_limit".
+    """
+    preexec_fn = _build_preexec_fn(config) if IS_LINUX else None
+
+    process = await asyncio.create_subprocess_exec(
+        *cmd,
+        stdout=subprocess.PIPE,
+        stderr=subprocess.PIPE,
+        preexec_fn=preexec_fn,
+    )
+
+    stdout_buffer = bytearray()
+    stderr_buffer = bytearray()
+
+    state = {
+        "total_bytes": 0,
+        "max_bytes": config.max_output_bytes,
+        "limit_hit": False,
+    }
+
+    violation_reason = None
+
+    reader_task = asyncio.gather(
+        _read_stream(process.stdout, stdout_buffer, state),
+        _read_stream(process.stderr, stderr_buffer, state),
+    )
+
+    try:
+        try:
+            await asyncio.wait_for(reader_task, timeout=config.timeout_seconds)
+        except asyncio.TimeoutError:
+            if state["limit_hit"]:
+                violation_reason = "output_limit"
+            else:
+                violation_reason = "timeout"
+            reader_task.cancel()
+            try:
+                await reader_task
+            except (asyncio.CancelledError, asyncio.TimeoutError):
+                pass
+            await _terminate_process(process)
+        else:
+            if state["limit_hit"]:
+                violation_reason = "output_limit"
+                await _terminate_process(process)
+            else:
+                await process.wait()
+    except asyncio.CancelledError:
+        violation_reason = None
+        if not reader_task.done():
+            reader_task.cancel()
+            try:
+                await reader_task
+            except (asyncio.CancelledError, asyncio.TimeoutError):
+                pass
+        raise
+    finally:
+        if process.returncode is None:
+            await _terminate_process(process)
+
+    stdout_str = stdout_buffer.decode("utf-8", errors="replace")
+    stderr_str = stderr_buffer.decode("utf-8", errors="replace")
+    exit_code = process.returncode if process.returncode is not None else -1
+
+    if violation_reason is None and exit_code != 0:
+        rss_bytes = 0
+        try:
+            import resource
+            usage = resource.getrusage(resource.RUSAGE_CHILDREN)
+            if IS_LINUX:
+                rss_bytes = usage.ru_maxrss * 1024
+            else:
+                rss_bytes = usage.ru_maxrss
+        except (ImportError, AttributeError):
+            pass
+
+        limit_bytes = config.max_memory_mb * 1024 * 1024
+
+        if classify_memory_violation(exit_code, stderr_str, rss_bytes, limit_bytes):
+            violation_reason = "memory_limit"
+
+    return stdout_str, stderr_str, exit_code, violation_reason
diff --git a/frontend/src/pages/TaskDetails.tsx b/frontend/src/pages/TaskDetails.tsx
index 0b4e7631..813894a6 100644
--- a/frontend/src/pages/TaskDetails.tsx
+++ b/frontend/src/pages/TaskDetails.tsx
@@ -115,6 +115,15 @@ function formatToolLabel(tool?: string, pluginId?: string) {
     return normalized.toUpperCase()
 }
 
+function formatStatusLabel(status: string): string {
+    switch (status) {
+        case 'terminated:timeout': return 'TERMINATED (TIMEOUT)'
+        case 'terminated:memory_limit': return 'TERMINATED (MEMORY LIMIT)'
+        case 'terminated:output_limit': return 'TERMINATED (OUTPUT LIMIT)'
+        default: return status.toUpperCase()
+    }
+}
+
 const containerVariants = {
     hidden: { opacity: 0 },
     visible: {
@@ -315,7 +324,7 @@ export default function TaskDetails() {
             try {
                 const data = JSON.parse(e.data)
                 setTask((prev: Task | null) => prev ? { ...prev, status: data.status } : null)
-                if (['completed', 'failed', 'cancelled'].includes(data.status)) {
+                if (['completed', 'failed', 'cancelled', 'terminated:timeout', 'terminated:memory_limit', 'terminated:output_limit'].includes(data.status)) {
                     es.close()
                     loadTask()
                 }
@@ -441,11 +450,11 @@ export default function TaskDetails() {
     const completedTime = task.completed_at
         ? formatLocaleTime(task.completed_at, { hour: '2-digit', minute: '2-digit' })
         : '--:--'
-    const isTerminal = ['completed', 'failed', 'cancelled'].includes(task.status)
+    const isTerminal = ['completed', 'failed', 'cancelled', 'terminated:timeout', 'terminated:memory_limit', 'terminated:output_limit'].includes(task.status)
     const durationLabel = isTerminal
         ? (task.duration_seconds
             ? `${Math.floor(task.duration_seconds / 60)}M ${Math.floor(task.duration_seconds % 60)}S`
-            : (task.status === 'completed' ? '0M 0S' : 'TERMINATED'))
+            : (task.status === 'completed' ? '0M 0S' : task.status.startsWith('terminated:') ? formatStatusLabel(task.status) : 'TERMINATED'))
         : 'ACTIVE'
     const severityCounts = findings.reduce((acc: Record<string, number>, finding: any) => {
         const key = (finding.severity || 'info').toLowerCase()
@@ -493,7 +502,9 @@ export default function TaskDetails() {
             ? 'bg-rag-red/15 text-rag-red border-rag-red/30'
             : task.status === 'cancelled'
                 ? 'bg-silver/10 text-silver/70 border-silver/15'
-                : 'bg-rag-amber/15 text-rag-amber border-rag-amber/30'
+                : task.status.startsWith('terminated:')
+                    ? 'bg-rag-amber/15 text-rag-amber border-rag-amber/30'
+                    : 'bg-rag-amber/15 text-rag-amber border-rag-amber/30'
 
     const severityTone = (severity?: string) => {
         const normalized = (severity || '').toLowerCase()
@@ -528,7 +539,7 @@ export default function TaskDetails() {
         ['Target', task.target],
         ['Tool', toolLabel],
         ['Plugin', task.plugin_id || 'N/A'],
-        ['Status', task.status],
+                                ['Status', formatStatusLabel(task.status)],
         ['Start Time', task.started_at ? formatDateLong(task.started_at) : 'PENDING'],
         ['Finish Time', task.completed_at ? formatDateLong(task.completed_at) : 'ACTIVE'],
         ['Duration', durationLabel],
@@ -592,7 +603,7 @@ export default function TaskDetails() {
         : [
             `${String(result?.structured?.total_count || findings.length)} security findings indexed for ${task.target}.`,
             `Risk analysis identifies ${severityCounts[dominantSeverity] || 0} ${dominantSeverity.toUpperCase()} priority items.`,
-            `Current assessment status: ${task.status.toUpperCase()}.`,
+            `Current assessment status: ${formatStatusLabel(task.status)}.`,
             `Scanning engines performed comprehensive inspection via ${toolLabel}.`,
         ]
     const previewFindings = findings.slice(0, 5)
@@ -658,8 +669,11 @@ export default function TaskDetails() {
 
                                     Copy ID
                                 </button>
-                                <span className={`px-3 py-1 text-[10px] uppercase tracking-[0.3em] border ${statusTone}`}>
-                                    {task.status}
+                                <span
+                                    className={`px-3 py-1 text-[10px] uppercase tracking-[0.3em] border ${statusTone}`}
+                                    title={task.error_message && task.status.startsWith('terminated:') ? task.error_message : ''}
+                                >
+                                    {formatStatusLabel(task.status)}
                                 </span>
                             </div>
                             <h1 className="text-4xl md:text-6xl text-silver-bright uppercase tracking-tight leading-none italic font-black">
@@ -674,7 +688,7 @@ export default function TaskDetails() {
                     </div>
 
                     <div className="flex flex-wrap gap-3 xl:justify-end">
-                        {(task.status === 'completed' || task.status === 'failed') && (
+                        {(task.status === 'completed' || task.status === 'failed' || task.status.startsWith('terminated:')) && (
                             <button
                                 onClick={handleRescan}
                                 className="bg-rag-blue px-5 py-3 text-black text-[10px] font-black uppercase tracking-[0.26em] italic transition-colors hover:brightness-110 flex items-center gap-2"
@@ -730,7 +744,7 @@ export default function TaskDetails() {
                 <DetailCard
                     label="SCAN_DURATION"
                     value={durationLabel}
-                    subValue={task.completed_at ? `FINISH::${completedTime}` : (task.status === 'failed' ? 'ERROR_TERMINATED' : task.status === 'cancelled' ? 'USER_CANCELLED' : 'IN_PROGRESS')}
+                    subValue={task.completed_at ? `FINISH::${completedTime}` : (task.status === 'failed' ? 'ERROR_TERMINATED' : task.status === 'cancelled' ? 'USER_CANCELLED' : task.status.startsWith('terminated:') ? formatStatusLabel(task.status) : 'IN_PROGRESS')}
                 />
                 <DetailCard
                     label="TOTAL_FINDINGS"
@@ -740,21 +754,29 @@ export default function TaskDetails() {
             </section>
 
             <AnimatePresence>
-                {task.status === 'failed' && task.error_message && (
+                {(task.status === 'failed' || task.status.startsWith('terminated:')) && task.error_message && (
                     <motion.div
                         initial={{ opacity: 0, height: 0 }}
                         animate={{ opacity: 1, height: 'auto' }}
-                        className="bg-rag-red/10 border-l-4 border-rag-red p-6 space-y-3"
+                        className={task.status.startsWith('terminated:')
+                            ? 'bg-rag-amber/10 border-l-4 border-rag-amber p-6 space-y-3'
+                            : 'bg-rag-red/10 border-l-4 border-rag-red p-6 space-y-3'}
                     >
-                        <div className="flex items-center gap-3 text-rag-red">
+                        <div className={task.status.startsWith('terminated:') ? 'flex items-center gap-3 text-rag-amber' : 'flex items-center gap-3 text-rag-red'}>
                             <DetailIcon icon={AlertCircleIcon} />
-                            <h3 className="text-xs font-black uppercase tracking-[0.3em] italic">Critical_Execution_Fault</h3>
+                            <h3 className="text-xs font-black uppercase tracking-[0.3em] italic">
+                                {task.status.startsWith('terminated:') ? 'Sandbox_Violation' : 'Critical_Execution_Fault'}
+                            </h3>
                         </div>
                         <p className="text-sm font-mono text-silver/80 leading-relaxed max-w-4xl">
                             {task.error_message}
                         </p>
                         <div className="pt-2">
-                            <span className="text-[9px] font-black text-silver/30 uppercase tracking-[0.2em] italic">Diagnostic_Code::EXEC_FAIL_{task.exit_code || 'ERR'}</span>
+                            <span className="text-[9px] font-black text-silver/30 uppercase tracking-[0.2em] italic">
+                                {task.status.startsWith('terminated:')
+                                    ? `Diagnostic_Code::SANDBOX_${formatStatusLabel(task.status)}`
+                                    : `Diagnostic_Code::EXEC_FAIL_${task.exit_code || 'ERR'}`}
+                            </span>
                         </div>
                     </motion.div>
                 )}
@@ -1139,7 +1161,7 @@ export default function TaskDetails() {
                             {[
                                 ['Tool', toolLabel],
                                 ['Plugin', task.plugin_id || 'N/A'],
-                                ['Status', task.status],
+        ['Status', formatStatusLabel(task.status)],
                                 ['Created', formatDateLong(task.created_at)],
                                 ['Started', task.started_at ? formatDateLong(task.started_at) : 'PENDING'],
                                 ['Completed', task.completed_at ? formatDateLong(task.completed_at) : 'ACTIVE'],
diff --git a/testing/backend/conftest.py b/testing/backend/conftest.py
index 56c106b6..ad7707a2 100644
--- a/testing/backend/conftest.py
+++ b/testing/backend/conftest.py
@@ -5,6 +5,11 @@
 import pytest
 from fastapi.testclient import TestClient
 
+
+@pytest.fixture
+def anyio_backend():
+    return "asyncio"
+
 # Add repo root to sys.path so package imports work (backend.*)
 repo_root = Path(__file__).resolve().parents[2]
 sys.path.insert(0, str(repo_root))
@@ -20,7 +25,7 @@
 @pytest.fixture(autouse=True)
 def setup_test_environment(monkeypatch):
     """Override settings for tests to ensure isolated execution."""
-    temp_dir = tempfile.TemporaryDirectory()
+    temp_dir = tempfile.TemporaryDirectory(ignore_cleanup_errors=True)
     temp_path = temp_dir.name
 
     monkeypatch.setattr(settings, "data_dir", temp_path)
diff --git a/testing/backend/integration/test_phase2_plugins.py b/testing/backend/integration/test_phase2_plugins.py
index f1ff0625..2153602f 100644
--- a/testing/backend/integration/test_phase2_plugins.py
+++ b/testing/backend/integration/test_phase2_plugins.py
@@ -27,7 +27,7 @@ def parse_scantool_ids() -> set[str]:
 def run_plugin_test(test_client, plugin_id, inputs, mock_output):
     """Helper to run a plugin test with mocked execution."""
     with patch("backend.secuscan.executor.TaskExecutor._execute_command") as mock_exec:
-        mock_exec.return_value = (mock_output, 0)
+        mock_exec.return_value = (mock_output, 0, None)
         
         payload = {
             "plugin_id": plugin_id,
diff --git a/testing/backend/integration/test_phase3_plugins.py b/testing/backend/integration/test_phase3_plugins.py
index b40fc878..eccd5b5c 100644
--- a/testing/backend/integration/test_phase3_plugins.py
+++ b/testing/backend/integration/test_phase3_plugins.py
@@ -18,7 +18,7 @@
 def run_plugin_test(test_client, plugin_id, inputs, mock_output):
     """Helper to run a plugin test with mocked execution."""
     with patch("backend.secuscan.executor.TaskExecutor._execute_command") as mock_exec:
-        mock_exec.return_value = (mock_output, 0)
+        mock_exec.return_value = (mock_output, 0, None)
 
         payload = {
             "plugin_id": plugin_id,
diff --git a/testing/backend/integration/test_routes.py b/testing/backend/integration/test_routes.py
index c390327a..c3425c4c 100644
--- a/testing/backend/integration/test_routes.py
+++ b/testing/backend/integration/test_routes.py
@@ -55,7 +55,7 @@ def test_plugin_summary(test_client):
 def test_start_task(test_client):
     """Test starting a task with a mocked executor."""
     with patch("backend.secuscan.executor.TaskExecutor._execute_command") as mock_exec:
-        mock_exec.return_value = ("Mocked successful output", 0)
+        mock_exec.return_value = ("Mocked successful output", 0, None)
 
         payload = {
             "plugin_id": "http_inspector",
diff --git a/testing/backend/test_sandbox_executor.py b/testing/backend/test_sandbox_executor.py
new file mode 100644
index 00000000..7449643c
--- /dev/null
+++ b/testing/backend/test_sandbox_executor.py
@@ -0,0 +1,232 @@
+import asyncio
+import sys
+from pathlib import Path
+from unittest.mock import AsyncMock, MagicMock, patch
+
+import pytest
+
+sys.path.insert(0, str(Path(__file__).resolve().parents[2]))
+
+from backend.secuscan.models import SandboxConfig
+from backend.secuscan.sandbox_executor import (
+    sandbox_execute,
+    _terminate_process,
+    _build_preexec_fn,
+    classify_memory_violation,
+)
+
+
+@pytest.mark.asyncio
+async def test_legacy_timeout_compatibility():
+    """Test Case 1: Legacy Timeout Compatibility.
+
+    _execute_command(cmd, timeout=1) must apply the timeout and return
+    violation_reason "timeout".
+    """
+    from backend.secuscan.executor import TaskExecutor
+
+    exec_ = TaskExecutor()
+    output, exit_code, violation_reason = await exec_._execute_command(
+        [sys.executable, "-c", "import time; time.sleep(30)"],
+        "test-legacy-timeout",
+        timeout=1,
+    )
+    assert violation_reason == "timeout"
+    assert exit_code != 0
+
+
+@pytest.mark.asyncio
+async def test_signal_escalation():
+    """Test Case 2: Signal Escalation.
+
+    When a process ignores SIGTERM, verify that terminate() is called first,
+    then kill() after the grace period, and process.wait() is called twice (reap).
+    """
+    mock_process = MagicMock()
+    mock_process.returncode = None
+    mock_process.terminate = MagicMock()
+    mock_process.kill = MagicMock()
+
+    wait_count = 0
+
+    async def wait_side_effect():
+        nonlocal wait_count
+        wait_count += 1
+        if wait_count == 1:
+            await asyncio.sleep(999)
+
+    mock_process.wait = wait_side_effect
+
+    with patch("backend.secuscan.sandbox_executor.SIGTERM_GRACE", 0.05):
+        await _terminate_process(mock_process)
+
+    mock_process.terminate.assert_called_once()
+    mock_process.kill.assert_called_once()
+    assert wait_count == 2
+
+
+class TestMemoryLimitClassification:
+    """Test Case 3: Memory Limit Classification."""
+
+    @pytest.mark.parametrize("exit_code", [-11, 139])
+    def test_sigsegv(self, exit_code):
+        assert classify_memory_violation(
+            exit_code=exit_code,
+            stderr_text="",
+            rss_bytes=0,
+            limit_bytes=512 * 1024 * 1024,
+        ) is True
+
+    def test_memory_error_string(self):
+        assert classify_memory_violation(
+            exit_code=1,
+            stderr_text="MemoryError: unable to allocate",
+            rss_bytes=0,
+            limit_bytes=512 * 1024 * 1024,
+        ) is True
+
+    def test_cannot_allocate_memory(self):
+        assert classify_memory_violation(
+            exit_code=1,
+            stderr_text="Cannot allocate memory",
+            rss_bytes=0,
+            limit_bytes=512 * 1024 * 1024,
+        ) is True
+
+    def test_rss_heuristic(self):
+        limit_bytes = 512 * 1024 * 1024
+        assert classify_memory_violation(
+            exit_code=137,
+            stderr_text="",
+            rss_bytes=limit_bytes,
+            limit_bytes=limit_bytes,
+        ) is True
+
+    def test_rss_below_threshold(self):
+        limit_bytes = 512 * 1024 * 1024
+        assert classify_memory_violation(
+            exit_code=1,
+            stderr_text="",
+            rss_bytes=int(limit_bytes * 0.50),
+            limit_bytes=limit_bytes,
+        ) is False
+
+    def test_zero_exit_not_classified(self):
+        limit_bytes = 512 * 1024 * 1024
+        assert classify_memory_violation(
+            exit_code=0,
+            stderr_text="",
+            rss_bytes=int(limit_bytes * 0.99),
+            limit_bytes=limit_bytes,
+        ) is False
+
+
+@pytest.mark.asyncio
+async def test_proactive_output_truncation():
+    """Test Case 4: Proactive Output Truncation.
+
+    When subprocess output exceeds max_output_bytes, reading must stop
+    at the boundary, the process terminated, and violation_reason returned.
+    """
+    cfg = SandboxConfig(max_output_bytes=1024, timeout_seconds=30)
+    stdout, stderr, exit_code, violation_reason = await sandbox_execute(
+        [sys.executable, "-c", "print('A' * 10000000)"],
+        cfg,
+    )
+    assert violation_reason == "output_limit"
+    assert len(stdout) <= 2048
+    assert exit_code != 0
+
+
+@pytest.mark.asyncio
+async def test_task_cancellation_safety():
+    """Test Case 5: Task Cancellation Safety.
+
+    If the parent coroutine is cancelled, the subprocess must be
+    terminated and reaped, never orphaned.
+    """
+    cfg = SandboxConfig(timeout_seconds=30)
+    task = asyncio.create_task(
+        sandbox_execute(
+            [sys.executable, "-c", "import time; time.sleep(60)"],
+            cfg,
+        )
+    )
+    await asyncio.sleep(0.2)
+    task.cancel()
+    with pytest.raises(asyncio.CancelledError):
+        await task
+
+
+@pytest.mark.asyncio
+async def test_platform_guard_non_linux():
+    """Test Case 6: Platform Guard Verification.
+
+    On Linux, preexec_fn applies RLIMIT_AS. On other platforms,
+    it must be None (checked at call site in sandbox_execute).
+    Timeout and output limits must remain active on all platforms.
+    """
+    built = _build_preexec_fn(SandboxConfig(max_memory_mb=128))
+    assert callable(built)
+
+    cfg = SandboxConfig(max_output_bytes=100, timeout_seconds=30)
+    stdout, stderr, exit_code, violation_reason = await sandbox_execute(
+        [sys.executable, "-c", "print('x' * 5000)"],
+        cfg,
+    )
+    assert violation_reason == "output_limit"
+    assert len(stdout) < 500
+
+    cfg2 = SandboxConfig(timeout_seconds=1)
+    stdout2, stderr2, exit_code2, vr2 = await sandbox_execute(
+        [sys.executable, "-c", "import time; time.sleep(30)"],
+        cfg2,
+    )
+    assert vr2 == "timeout"
+
+
+@pytest.mark.asyncio
+async def test_sandbox_execute_normal_completion():
+    cfg = SandboxConfig(timeout_seconds=30)
+    stdout, stderr, exit_code, violation_reason = await sandbox_execute(
+        [sys.executable, "-c", "print('hello world')"],
+        cfg,
+    )
+    assert "hello world" in stdout
+    assert exit_code == 0
+    assert violation_reason is None
+
+
+def test_sandbox_violation_exception():
+    from backend.secuscan.models import SandboxViolation
+    exc = SandboxViolation("timeout")
+    assert exc.reason == "timeout"
+    assert str(exc) == "timeout"
+
+
+@pytest.mark.asyncio
+async def test_resolve_sandbox_config_global_defaults(monkeypatch):
+    from backend.secuscan.sandbox_executor import resolve_sandbox_config
+    monkeypatch.setattr(
+        "backend.secuscan.config.settings.sandbox_timeout_seconds",
+        42,
+    )
+    monkeypatch.setattr(
+        "backend.secuscan.config.settings.sandbox_max_memory_mb",
+        256,
+    )
+    resolved = resolve_sandbox_config(None)
+    assert resolved.timeout_seconds == 42
+    assert resolved.max_memory_mb == 256
+    assert resolved.max_output_bytes == 5_242_880
+
+
+@pytest.mark.asyncio
+async def test_resolve_sandbox_config_plugin_overrides():
+    from backend.secuscan.sandbox_executor import resolve_sandbox_config
+    resolved = resolve_sandbox_config(
+        SandboxConfig(timeout_seconds=999, max_memory_mb=2048)
+    )
+    assert resolved.timeout_seconds == 999
+    assert resolved.max_memory_mb == 2048
+    assert resolved.max_output_bytes == 5_242_880
diff --git a/testing/backend/unit/test_executor.py b/testing/backend/unit/test_executor.py
index 678ae09b..24a02e1c 100644
--- a/testing/backend/unit/test_executor.py
+++ b/testing/backend/unit/test_executor.py
@@ -194,6 +194,7 @@ async def raise_cancelled(*args, **kwargs):
         mock_plugin.name = "nmap"
         mock_plugin.presets = {}
         mock_plugin.docker_image = None
+        mock_plugin.sandbox = None
         mock_pm.return_value.get_plugin.return_value = mock_plugin
         mock_pm.return_value.build_command.return_value = ["nmap", "127.0.0.1"]
 
@@ -237,7 +238,7 @@ async def test_execute_task_releases_limiter_on_normal_completion(setup_test_env
     executor = TaskExecutor()
 
     async def fake_command(*args, **kwargs):
-        return "80/tcp open http", 0
+        return "80/tcp open http", 0, None
 
     with patch.object(executor, "_execute_command", side_effect=fake_command), \
          patch("backend.secuscan.executor.concurrent_limiter") as mock_limiter, \
@@ -252,6 +253,7 @@ async def fake_command(*args, **kwargs):
         mock_plugin.output = {"parser": "builtin_nmap", "format": "text"}
         mock_plugin.category = "Network"
         mock_plugin.id = "nmap"
+        mock_plugin.sandbox = None
         mock_pm.return_value.get_plugin.return_value = mock_plugin
         mock_pm.return_value.build_command.return_value = ["nmap", "127.0.0.1"]
         mock_pm.return_value.plugins_dir = MagicMock()