Google-managed Python execution environment file in Cloud Run that attacker overwrites with a modified version to intercept all Code Block executions, exfiltrate conversation data, and inject phishing prompts persistently