there's nothing in the container except for the wireguard startup script, and the macaroon is just for generating invoices. Even if there was an exploit it's hard to see what they could do with it.