fix: doc

src/builtins/danger_zone.rs

@@ -126,8 +126,14 @@ impl RuleSet for ForkAndExec {
     }
 }
 
-/// [`Pipes`] is in the danger zone because it can be used to send input to another process. That process will still be under seccomp's restrictions (see
+/// [`Pipes`] is in the danger zone because it can be used create a pipe for IPC.
+/// That process will still be under seccomp's restrictions (see
 /// `tests/inherit_filters.rs`) but depending on your filter it could still do bad things.
+///
+/// # Security Considerations
+///
+/// An attacker could pipe arbitrary data to a vulnerable utility and attempt
+/// to escape the sandbox.
 pub struct Pipes;
 impl RuleSet for Pipes {
     fn simple_rules(&self) -> Vec<Sysno> {