The design for sandbox access authorization uses the ExecutorInfo associated with the task as the main authorization space and the FrameworkInfo as a secondary one. This allows module writes to use fields such a labels for authorization.
When a task uses the command executor it doesn't provide an ExecutorInfo, but the info object is generated automatically inside the agent. As such, information which could be used for authorization (e.g. labels) is not available for authorization.