How do non-running utilities increase attack surface? If you're able to execute inside the container couldn't you just write whatever utilities you want in?
There are many exploits that may give one the ability to execute shell commands. If there is no shell or commands to even write a file in the first place, mobility becomes limited.
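A defender can check how much of this tooling an image actually ships. The sketch below is an added example, not code from this thread: it walks an unpacked image root filesystem (for instance the output of `docker export`) and reports shells, download tools and similar binaries. The `RISKY` watch list and the `audit_rootfs` name are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed watch list (not from the thread): tools that help turn one
# command-execution bug into file writes, downloads or an interactive session.
RISKY = {
    "shell": {"sh", "bash", "dash", "ash", "zsh"},
    "multi-call": {"busybox", "toybox"},
    "download": {"curl", "wget", "nc", "ncat", "scp", "ftp"},
    "package-manager": {"apt", "apt-get", "apk", "yum", "dnf", "pip"},
    "interpreter": {"python", "python3", "perl", "ruby"},
}
CATEGORY = {name: cat for cat, names in RISKY.items() for name in names}
BIN_DIRS = ("bin", "sbin", "usr/bin", "usr/sbin", "usr/local/bin")


def audit_rootfs(root):
    """Return sorted (category, path in image, resolved name) for risky tools."""
    findings = []
    for rel in BIN_DIRS:
        d = os.path.join(root, rel)
        if os.path.islink(d) or not os.path.isdir(d):
            continue  # merged-/usr images link /bin -> usr/bin; count once
        for name in os.listdir(d):
            path = os.path.join(d, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                # applets are symlinks to one binary; read the link text only
                resolved = os.path.basename(os.readlink(path))
            elif stat.S_ISREG(mode) and mode & 0o111:
                resolved = name
            else:
                continue  # directories and non-executable files
            if name in CATEGORY:
                findings.append((CATEGORY[name], f"/{rel}/{name}", resolved))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample rootfs: one busybox binary exposing an `sh` applet.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    bb = os.path.join(root, "bin", "busybox")
    open(bb, "w").close()
    os.chmod(bb, 0o755)
    os.symlink("/bin/busybox", os.path.join(root, "bin", "sh"))
    for finding in audit_rootfs(root):
        print(*finding)
```

An empty result for an image means a command-execution bug in the application finds none of the listed tools in the standard binary directories.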