ascend-docker

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run-ascend-container.sh is vulnerable to shell command injection. Variables such as $IMAGE, $CONTAINER_NAME, and $DEVICE_ARGS are used unquoted within the docker run command, allowing an attacker to inject and execute arbitrary shell commands on the host system.
  • [COMMAND_EXECUTION]: The script defaults to running containers with the --privileged flag. This grants the container root-level access to the host kernel and hardware, bypassing standard security isolation.
  • [COMMAND_EXECUTION]: Use of --net=host and --ipc=host in the container setup removes network and inter-process communication isolation, allowing the container to interact directly with host services.
  • [DATA_EXFILTRATION]: The script automatically mounts the host's /home directory into the container. This exposes all user files and credentials stored in home directories to any process running within the container environment.
  • [COMMAND_EXECUTION]: Critical host system paths such as /usr/local/sbin are mounted into the container. In 'full' mode, these mounts are not read-only, potentially enabling a container process to overwrite host system binaries.
  • [EXTERNAL_DOWNLOADS]: The documentation references images from ascendhub.huawei.com, which is an official source for Ascend NPU software.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 26, 2026, 09:53 AM