security: tighten Docker isolation and subprocess env

- Pin @playwright/mcp to 0.0.68 instead of @latest to prevent supply chain risk
- Restrict MCP subprocess env to allowlist (PATH, HOME, NODE_PATH, DISPLAY, XDG_*) instead of spreading process.env
- Add path traversal guard to @include() directive in prompt templates
- Bind all Docker ports to 127.0.0.1 to prevent network exposure
- Remove ipc: host — shm_size: 2gb already covers Chromium shared memory needs
- Add prompt injection disclaimer for untrusted repositories to README
ajmallesh
2026-03-06 17:06:07 -08:00
parent 01165382ed
commit 023cc953db
4 changed files with 45 additions and 14 deletions
@@ -677,6 +677,13 @@ Shannon is designed for legitimate security auditing purposes only.
Windows Defender may flag files in `xben-benchmark-results/` or `deliverables/` as malware. These are false positives caused by exploit code in the reports. Add an exclusion for the Shannon directory in Windows Defender, or use Docker/WSL2.
#### **7. Prompt Injection Risk from Untrusted Repositories**
Shannon feeds repository source code into LLM prompts for white-box analysis. A malicious repository can embed adversarial instructions in comments, strings, or documentation that hijack agent behavior.
> [!WARNING]
> **Do not scan repositories from untrusted sources.** Only scan repositories you own, trust, or have reviewed for adversarial content.
## 📜 License
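Review bot: the new warning block tells users to scan only repositories they "have reviewed for adversarial content", but the surrounding text gives no guidance on what such a review covers or on the fact that review reduces rather than removes the risk; consider adding one sentence after the paragraph that names the places the paragraph already lists (comments, strings, documentation) as what to look for, and pointing readers to the Docker isolation that this same commit tightens (ports bound to 127.0.0.1, MCP subprocess env restricted to an allowlist) as the mitigation to rely on when the source cannot be fully reviewed, for example: "Even reviewed repositories should be scanned inside the provided Docker environment, which limits what a hijacked agent can reach." Minor style point on the heading line: `#### **7. Prompt Injection Risk from Untrusted Repositories**` wraps the heading text in bold, which is redundant in a Markdown heading; if the other numbered headings in this section use the same pattern it can stay for consistency, otherwise drop the asterisks.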