hermes-agent/gateway/platforms
tekelala fbb1923fad fix(security): patch path traversal, size bypass, and prompt injection in document processing
- Sanitize filenames in cache_document_from_bytes to prevent path traversal (strip directory components, null bytes, resolve check)
- Reject documents with None file_size instead of silently allowing download
- Cap text file injection at 100 KB to prevent oversized prompt payloads
- Sanitize display_name in run.py context notes to block prompt injection via filenames
- Add 35 unit tests covering document cache utilities and Telegram document handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 11:53:46 -05:00
__init__.py Enhance CLI with multi-platform messaging integration and configuration management 2026-02-02 19:01:51 -08:00
base.py fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00
discord.py feat: unify set-home command naming across platforms 2026-02-23 15:01:22 -08:00
slack.py refactor: enhance API interaction and message handling in AIAgent 2026-02-21 04:17:27 -08:00
telegram.py fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00
whatsapp.py add full support for whatsapp 2026-02-25 21:04:36 -08:00