That’s correct. All the builtins.fetch* functions are un-sandboxed so they can use the user’s regular credentials without any special hacks.
Also worth mentioning that since yesterday builtins.fetchGit has submodule support.
7 Likes