As far as I know, the only possible way to escape the sandbox is to use flatpak-spawn --host and add –talk-name=org.freedesktop.Flatpak but I only ever seen that on apps like vscode.
Imo, the point of flatpak’s sandbox is to give an extra layer of protection in case of security vulnerabilities. Permissions exist so apps can still work as they’re supposed to. It’s not a virtual machine isolated from the rest of the system where you can or should install malware.
Besides, the manifest is public and needs to be approved to be on the default repository.