security: tighten Docker isolation and subprocess env
- Pin @playwright/mcp to 0.0.68 instead of @latest to prevent supply chain risk
- Restrict MCP subprocess env to allowlist (PATH, HOME, NODE_PATH, DISPLAY, XDG_*) instead of spreading process.env
- Add path traversal guard to @include() directive in prompt templates
- Bind all Docker ports to 127.0.0.1 to prevent network exposure
- Remove ipc: host — shm_size: 2gb already covers Chromium shared memory needs
- Add prompt injection disclaimer for untrusted repositories to README
@@ -677,6 +677,13 @@ Shannon is designed for legitimate security auditing purposes only.
Windows Defender may flag files in `xben-benchmark-results/` or `deliverables/` as malware. These are false positives caused by exploit code in the reports. Add an exclusion for the Shannon directory in Windows Defender, or use Docker/WSL2.
#### **7. Prompt Injection Risk from Untrusted Repositories**
Shannon feeds repository source code into LLM prompts for white-box analysis. A malicious repository can embed adversarial instructions in comments, strings, or documentation that hijack agent behavior.
> [!WARNING]
> **Do not scan repositories from untrusted sources.** Only scan repositories you own, trust, or have reviewed for adversarial content.
## 📜 License
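Review bot: the new heading `#### **7. Prompt Injection Risk from Untrusted Repositories**` wraps the title in `**` inside an h4; Markdown headings already render bold, so the markers are redundant and show up literally in some renderers (and in the plain-text README); use `#### 7. Prompt Injection Risk from Untrusted Repositories` to match the other numbered headings. The warning also names the risk but not its consequence: since Shannon drives tools on the operator's behalf, an injected instruction acts with whatever those tools are allowed to do, so one sentence noting that the 127.0.0.1 port binding and the subprocess env allowlist from this commit limit the blast radius but do not stop a hijacked agent from using its permitted tools would tell readers what "hijack agent behavior" means in practice and why "only scan repositories you own, trust, or have reviewed" is the primary control.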