hermes-agent/website/docs
Teknium 789f8b7dc2
docs(webhook): clarify authenticated != trusted-content trust model (#53562)
HMAC validation authenticates the webhook sender, not the business
fields inside the payload (PR titles, commit messages, issue bodies),
which are authored by untrusted third parties. Expand the prompt-
injection section to make the trust boundary explicit: the agent's
capability surface, not the input channel. Document the hardening
levers (sandbox the runtime, scope the toolset, keep approvals on,
template narrowly) instead of pretending to sanitize untrusted text.

Refs #8820.
2026-06-27 03:43:33 -07:00
..
developer-guide feat(docs): clarify platform support 2026-06-26 11:37:56 -07:00
getting-started feat(docs): clarify termux/nix as t2 platforoms 2026-06-26 11:37:56 -07:00
guides docs(nix): mark Nix/NixOS as no longer explicitly supported (#52975) 2026-06-26 10:17:43 -07:00
integrations feat(providers): remove google-gemini-cli + google-antigravity OAuth providers (#50492) 2026-06-21 19:53:27 -07:00
reference feat(moa): make /moa one-shot only; route preset switching through the model picker 2026-06-27 03:09:09 -07:00
user-guide docs(webhook): clarify authenticated != trusted-content trust model (#53562) 2026-06-27 03:43:33 -07:00
index.mdx feat(docs): clarify platform support 2026-06-26 11:37:56 -07:00
user-stories.mdx docs(website): add User Stories and Use Cases collage page (#18282) 2026-04-30 23:56:59 -07:00