For temporary files, always use the `$TMPDIR` environment variable. TMPDIR is set to the same sandbox-writable directory for both sandboxed and unsandboxed commands. Do NOT use `/tmp` directly - use `$TMPDIR` instead.