docs: add security warnings to http_request and file_editor vended tools

site/src/content/docs/user-guide/concepts/tools/vended-tools.mdx

@@ -37,7 +37,7 @@ Gives your agent the ability to read and modify files on disk — useful for cod
 _Supported in: Node.js only._
 
 :::caution[Security Warning]
-This tool reads and writes files with the full permissions of the Node.js process. Only use with trusted input and consider running in a sandboxed environment for production.
+This tool reads and writes files at arbitrary absolute paths with the full permissions of the Node.js process. Only use with trusted input and consider running in a sandboxed environment (containers, VMs) for production.
 :::
 
 **Example:**
@@ -57,6 +57,10 @@ Lets your agent call external APIs and fetch web content. Supports all HTTP meth
 
 _Supported in: Node.js 20+, modern browsers._
 
+:::caution[Security Warning]
+This tool makes HTTP requests to arbitrary URLs without restrictions on destination. Only use with trusted input and consider running in a sandboxed environment (containers, VMs) for production.
+:::
+
 **Example:**
 ```typescript
 --8<-- "user-guide/concepts/tools/vended-tools-imports.ts:http_request_import"

strands-ts/src/vended-tools/file-editor/README.md

@@ -2,6 +2,15 @@
 
 A filesystem editor tool for viewing, creating, and editing files programmatically. Provides string replacement, line insertion, and directory viewing with security validation.
 
+## ⚠️ Security Warning
+
+**This tool reads and writes files at arbitrary absolute paths without sandboxing or workspace restrictions.**
+
+- Only use with trusted input
+- File operations execute with the full permissions of the Node.js process
+- For production deployments, consider running in a sandboxed environment (containers, VMs, etc.)
+- Never expose this tool to untrusted users or untrusted prompt input without additional security measures
+
 ## Features
 
 - **View files** with line numbers and optional line range support

strands-ts/src/vended-tools/http-request/README.md

@@ -2,6 +2,15 @@
 
 A cross-platform HTTP request tool for making HTTP requests to external APIs from Strands agents.
 
+## ⚠️ Security Warning
+
+**This tool makes HTTP requests to arbitrary URLs without restrictions on destination.**
+
+- Only use with trusted input
+- Requests execute with the network access of the host process
+- For production deployments, consider running in a sandboxed environment (containers, VMs, etc.)
+- Never expose this tool to untrusted users or untrusted prompt input without additional security measures
+
 ## Features
 
 - **All HTTP Methods**: Supports GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS