Is there a detection component here too? Sandboxing development is great, but the next step is to deploy to production. How do you know if something malicious happened in the sandbox, such that you don't deploy the malware further?
I have some ideas around it.
And indeed that's one likely direction of this project in the future.