A recent client project (an OS X app) had some functionality that included acquiring the path to the frontmost Finder window. The only way to get that path is via AppleScript:

tell application "Finder"
    set frontpath to POSIX path of (target of window 1 as alias)
end tell

Using AppleScript in a sandboxed app requires an entitlement. The official one is “com.apple.security.scripting-targets”, but, unfortunately, some system-level applications have not been enhanced to support that entitlement (e.g., Mail has whereas Finder has not). This means that a temporary entitlement must be used instead: “com.apple.security.temporary-exception.apple-events”.

Here’s what happens when you use that:

Radar 24841953 filed for an enhancement to Finder to allow interaction within a sandboxed, Mac App Store app.