Hacker News
by crabbone 371 days ago
Yes and no.

The problem of audit of third-party code is real. Especially because of the way GitHub allows embedding it in users' code: it's not centralized, doesn't require signatures / authentication.

But, I think, the real security-minded approach here should be at the container infrastructure level. I.e. security policies should apply to things like container network in a way similar to security groups in popular cloud providers, or executing particular system calls, or accessing filesystem paths.

Restrictions on the level of what actions can be mentioned in the "manifest" are just a bad approach that's not going to stop anyone.