fix: use correct 'content' key in AgentEngineSandboxCodeExecutor input files

[Thapza888]

Fixes the same root cause as #5505 which was missed in agent_engine_sandbox_code_executor.py.

Root Cause

AgentEngineSandboxCodeExecutor builds input file payloads with key 'contents' (plural), but the Vertex AI SDK (sandboxes.py) reads 'content' (singular). This causes file.get("content", b"") to always return empty bytes -- all input files are silently created as zero bytes in the sandbox.

The executor returns SUCCESS, so the failure is completely silent.

What changed

'contents' to 'content' at line 183 of agent_engine_sandbox_code_executor.py.

Impact

Security policies, access-control templates, verification scripts, and boundary configuration files passed via input_files to the sandbox code executor are silently created as empty (zero-byte) resources. The sandbox executes untrusted code without the intended operational constraints. No error is raised -- the SUCCESS status blinds monitoring and logging.

Testing Plan

Added regression test test_execute_code_input_files_content_key that verifies execute_code is called with input_data containing the 'content' key (singular). The mock assertion explicitly checks:

expected_input_data = {
    "code": 'print("hello world")',
    "files": [
        {
            "name": "test.txt",
            "content": b"hello world",
            "mimeType": "text/plain",
        }
    ],
}
mock_api_client.agent_engines.sandboxes.execute_code.assert_called_once_with(
    name=...,
    input_data=expected_input_data,
)

Before the fix, this test fails because the code sends 'contents' instead of 'content'. After the fix, the test passes (will be verified in CI).

References

• PR fix: use correct 'content' key in sandbox code executor input files #5505 -- fixed same bug in other files, missed this one
• Issue AgentEngineSandboxCodeExecutor sends 'contents' but Vertex SDK reads 'content' — input file payload silently dropped #5500 -- original bug report
• Issue Security: AgentEngineSandboxCodeExecutor sends 'contents' instead of 'content', silently creating empty files #5824 -- security report (Google OSS VRP)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[adk-bot]

Response from ADK Triaging Agent

Hello @Thapza888, thank you for submitting this pull request to fix the sandbox code executor!

To help us move forward with reviewing your contribution, please make sure the following guidelines from our Contribution Guidelines are met:

1. Sign the Contributor License Agreement (CLA): It looks like the CLA check has failed. Please visit Google Developers CLA to sign or verify your agreement.
2. Unit Tests & Test Results: Since this is a bug fix, please add or update unit tests (e.g., under tests/unittests/) to cover this change and prevent future regressions. Additionally, please run the tests locally and include a summary of passed pytest results in your PR description.

These steps help maintain high code quality and streamline the review process. Thanks again for your contribution!

[rohityan]

Hi @Thapza888 , Thank you for your contribution! It appears you haven't yet signed the Contributor License Agreement (CLA). Please visit https://cla.developers.google.com/ to complete the signing process. Once the CLA is signed, we'll be able to proceed with the review of your PR. Thank you!