** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $" and "python $" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.