hermes-agent/.github
emozilla 2abe11a7fe security(ci): pass untrusted refs through env, not run: interpolation
lint.yml inlined github.head_ref (the fork PR branch name, attacker-
controlled) into the diff-summary run: block. GitHub expands ${{ }} into
the script text before bash tokenizes it, so a branch like x$(id) runs on
the lint runner. The pull_request trigger keeps the token read-only, but
the sink still allows CI resource abuse and cache/artifact tampering, and
would become RCE-with-secrets under pull_request_target.

Route head_ref through an env var (env values are not subject to expression
injection) and reference "$HEAD_REF". Apply the same to the two docker.yml
sites that interpolate github.event.release.tag_name.

Fixes GHSA-jpw6-c7jr-c56v, GHSA-2843-hjmf-7x96.
Credit: @technotion, @youngstar-eth.
2026-07-03 12:44:30 -04:00
..
actions change(ci): migrate docker smoketests to real tests 2026-06-26 19:15:18 -07:00
ISSUE_TEMPLATE feat: add openrouter/elephant-alpha to curated model lists (#9378) 2026-04-13 21:16:14 -07:00
pr-screenshots feat(billing): /billing terminal billing — interactive TUI + CLI client (#45449) 2026-06-19 01:53:32 +05:30
workflows security(ci): pass untrusted refs through env, not run: interpolation 2026-07-03 12:44:30 -04:00
dependabot.yml chore(security): add OSV-Scanner CI + Dependabot for github-actions only (#20037) 2026-05-04 20:58:21 -07:00
PULL_REQUEST_TEMPLATE.md docs: add documentation & housekeeping checklist to PR template 2026-03-05 07:23:52 -08:00