Certainly an interesting vulnerability, but one you shouldn't worry about.
If you do really care about sandbox security, the first thing I would recommend doing is globally blocking filesystem access to anywhere in your $HOME that runs script code, such as:
- bash files like ~/.bashrc and ~/.bash_profile
- ~/.local/bin and ~/bin
- ~/.ssh
I have a script that I use to control flatpak overrides and I do something like this:
# paths to block
GLOBAL_RESTRICTION_PATHS=(
"~/.bash_logout"
"~/.bash_profile"
"~/.bashrc"
"~/.profile"
"~/.ssh"
"~/.zshenv"
"xdg-config/zsh"
"~/.local/bin"
"xdg-config/systemd"
)
# globally block these paths
for path in "${GLOBAL_RESTRICTION_PATHS[@]}"; do
flatpak --user override --nofilesystem="$path"
done
# but allow some apps like text editors to access them
for path in "${GLOBAL_RESTRICTION_PATHS[@]}"; do
flatpak --user override --filesystem="$path" org.gnome.TextEditor
done