fix: clarify sub-agent sandbox limits

Peter Steinberger
2026-01-11 05:04:14 +01:00
parent b4e9a0c975
commit 9046296ed3
4 changed files with 8 additions and 5 deletions


@@ -194,6 +194,7 @@ describe("buildAgentSystemPrompt", () => {
});
expect(prompt).toContain("You are running in a sandboxed runtime");
expect(prompt).toContain("Sub-agents stay sandboxed");
expect(prompt).toContain("User can toggle with /elevated on|off.");
expect(prompt).toContain("Current elevated level: on");
});
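Review bot: The assertion on "Sub-agents stay sandboxed" pins only the opening words of the new prompt line, so the part that carries the restriction, "(no elevated/host access)", could be reworded or dropped later and this test would still pass. This case also runs with the elevated level reported as "on", which is where the sub-agent limit matters most. Consider tightening it to `expect(prompt).toContain("Sub-agents stay sandboxed (no elevated/host access)");`. The enclosing `it`/`describe` block starts outside the hunk, so the parameters passed to buildAgentSystemPrompt are not visible here.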


@@ -231,6 +231,7 @@ export function buildAgentSystemPrompt(params: {
? [
"You are running in a sandboxed runtime (tools execute in Docker).",
"Some tools may be unavailable due to sandbox policy.",
"Sub-agents stay sandboxed (no elevated/host access). Need outside-sandbox read/write? Don't spawn; ask first.",
params.sandboxInfo.workspaceDir
? `Sandbox workspace: ${params.sandboxInfo.workspaceDir}`
: "",
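Review bot: The new "Sub-agents stay sandboxed (no elevated/host access)" line is prompt text, so it tells the model about the limit but cannot enforce it; nothing in this hunk shows where the restriction is applied when a sub-agent is spawned. If enforcement lives in the spawn path, a short comment above the string would stop a later reader from treating the prompt as the control, for example `// Advisory only: sub-agent sandboxing is enforced at spawn time, not by this text.` The same prompt can also report "Current elevated level: on" (see the test), so it may be worth stating in the string that elevation applies to the parent session only. The body of buildAgentSystemPrompt begins and ends outside the hunk.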