- Code is executed inside a secure WebAssembly sandbox.
- WebAssembly modules are not shared across executions.
- By default, code sandboxes have no filesystem or network access.
- Environment variables and command line arguments must be explicitly passed into the sandbox.
- Every execution is subject to resource limits.
- Script inputs and outputs are not logged.