From “How it works” in the readme:

> yolobox uses container isolation (Docker or Podman) as its security boundary…

I have no issue with running agents in containers FWIW, just in framing it as a security feature.

> what vectors are you expecting the LLM to use to break out?

You can just search for “Docker CVE”.

Here is one later last year, just for an example: https://nvd.nist.gov/vuln/detail/CVE-2025-9074