Running Python code from untrusted sources, including code written by LLMs.

I see, the way I would approach is it by running a client on in a specific python env on an incus instance, with LLM hosted either on the host or another seperate an incus instance. Lately been addicted to sandboxing apps in incus, specifically for isolated vpn tunnels, and automating certain web access.