hermes-agent/.github/workflows
emozilla 2abe11a7fe security(ci): pass untrusted refs through env, not run: interpolation
lint.yml inlined github.head_ref (the fork PR branch name, attacker-
controlled) into the diff-summary run: block. GitHub expands ${{ }} into
the script text before bash tokenizes it, so a branch like x$(id) runs on
the lint runner. The pull_request trigger keeps the token read-only, but
the sink still allows CI resource abuse and cache/artifact tampering, and
would become RCE-with-secrets under pull_request_target.

Route head_ref through an env var (env values are not subject to expression
injection) and reference "$HEAD_REF". Apply the same to the two docker.yml
sites that interpolate github.event.release.tag_name.

Fixes GHSA-jpw6-c7jr-c56v, GHSA-2843-hjmf-7x96.
Credit: @technotion, @youngstar-eth.
2026-07-03 12:44:30 -04:00
..
ci.yml feat(ci): add CI timing report 2026-06-29 19:07:00 -07:00
contributor-check.yml ci: refactor paths & clones 2026-06-23 09:30:50 -07:00
deploy-site.yml fix(docs): reuse healthy skills index during Pages deploys (#45616) 2026-06-13 06:46:07 -07:00
docker-lint.yml change(ci): docker-publish.yml -> docker.yml 2026-06-26 19:15:18 -07:00
docker.yml security(ci): pass untrusted refs through env, not run: interpolation 2026-07-03 12:44:30 -04:00
docs-site-checks.yml ci: refactor paths & clones 2026-06-23 09:30:50 -07:00
history-check.yml ci: refactor paths & clones 2026-06-23 09:30:50 -07:00
lint.yml security(ci): pass untrusted refs through env, not run: interpolation 2026-07-03 12:44:30 -04:00
osv-scanner.yml ci: refactor paths & clones 2026-06-23 09:30:50 -07:00
skills-index-freshness.yml feat(skills-hub): health checks, freshness badge, and a watchdog cron (#32345) 2026-05-25 23:10:45 -07:00
skills-index.yml change(ci): upload-artifact from v4 -> v7 2026-06-26 19:15:18 -07:00
supply-chain-audit.yml ci: refactor paths & clones 2026-06-23 09:30:50 -07:00
tests.yml change(ci): slice files in matrix job 2026-06-26 19:15:18 -07:00
typecheck.yml change(ci): pretty names 2026-06-26 19:15:18 -07:00
upload_to_pypi.yml change(ci): upload-artifact from v4 -> v7 2026-06-26 19:15:18 -07:00
uv-lockfile-check.yml change(ci): update all UV installs 2026-06-26 19:15:18 -07:00