diff --git a/.changeset/wide-flat-new.md b/.changeset/wide-flat-new.md
new file mode 100644
index 0000000..8ad8de8
--- /dev/null
+++ b/.changeset/wide-flat-new.md
@@ -0,0 +1,6 @@
+---
+"@prodisco/sandbox-server": patch
+"@prodisco/mcp-server": patch
+---
+
+Prevent environment variable leaks from sandbox execution. Sandbox code now gets a frozen empty process.env instead of the host's real environment variables. Added defense-in-depth output filter that blocks execution if sensitive env var values appear in output.