Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection