Destination paths in `.install` files are not validated to be inside the package area, and so can bypass sandboxing.
In a `package.install` file, this installs a file as `~/.bashrc`:
```
bin: [
  "payload.sh" {"../../../.bashrc"}
]
```
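A lexical audit for the condition described above, as an added example that is not opam's own code or part of the advisory: it scans `.install` text and reports destinations that are absolute or normalize to a path above the section's install directory. The sample input, regexes and function names are constructed for illustration, and the check does not resolve symlinks.

```python
import posixpath
import re

# Constructed sample input: the advisory's entry plus benign entries.
SAMPLE_INSTALL = '''
bin: [
  "payload.sh" {"../../../.bashrc"}
  "tool.exe" {"tool"}
]
lib: [
  "META"
  "?src/a.cmx" {"sub/../a.cmx"}
]
'''

# section: [ ... ]  and  "source" {"destination"}  (destination is optional)
SECTION_RE = re.compile(r'(\w+)\s*:\s*\[(.*?)\]', re.S)
ENTRY_RE = re.compile(r'"((?:[^"\\]|\\.)*)"(?:\s*\{\s*"((?:[^"\\]|\\.)*)"\s*\})?')

def escapes_prefix(dest):
    """True if dest is absolute or normalizes to a path above its base directory."""
    if dest.startswith("/"):
        return True
    norm = posixpath.normpath(dest)
    return norm == ".." or norm.startswith("../")

def audit_install(text):
    """Return (section, source, destination) for each entry whose destination escapes."""
    findings = []
    for section, body in SECTION_RE.findall(text):
        for src, dest in ENTRY_RE.findall(body):
            # Entries without an explicit destination are not checked here.
            if dest and escapes_prefix(dest):
                findings.append((section, src.lstrip("?"), dest))
    return findings

if __name__ == "__main__":
    for section, src, dest in audit_install(SAMPLE_INSTALL):
        print(f"{section}: {src!r} -> {dest!r} escapes the section directory")
```

Running it over the `.install` files of packages before installing or mirroring them flags entries like the one in the advisory, while `sub/../a.cmx` passes because it normalizes to a path inside the directory.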
{
"osv": "https://github.com/ocaml/security-advisories/tree/generated-osv/2026/OSEC-2026-03.json",
"cwe": [
"CWE-693"
],
"human_link": "https://github.com/ocaml/security-advisories/tree/main/advisories/2026/OSEC-2026-03.md"
}