Ohh, good point about git hooks as a container escape vector! I probably should add `-v $PWD/.git:$PWD/.git:ro` for that (bind-mount .git as read-only).