GHSA-p69m-4f92-2v84: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool

The codeMode tool in src/praisonai-ts/src/tools/builtins/code-mode.ts uses new Function() with a with(sandbox) pattern to execute LLM-generated code. The blocklist-based “sandbox” can be trivially bypassed via Function('return this')() to recover the global object, followed by global.require() with string concatenation to evade the blocklist regex. This allows full arbitrary code execution on the host system. This affects all deployments where the code-mode tool is enabled for agents.