common/hermes
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

security: restrict default webhook toolset capabilities (#30745)

Browse Source
This commit is contained in:
Teknium
2026-05-24 04:24:54 -07:00
committed by GitHub
parent c3caca6584
commit e4a1220f83
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
toolsets.py
View File

@@ -72,6 +72,16 @@ _HERMES_CORE_TOOLS = [
"computer_use", "computer_use",
] ]
# Webhook events may originate from untrusted third-party content (for example,
# public PR titles/comments). Keep the default webhook toolset intentionally
# constrained to avoid local file/system execution by prompt injection.
_HERMES_WEBHOOK_SAFE_TOOLS = [
"web_search",
"web_extract",
"vision_analyze",
"clarify",
]
# Core toolset definitions # Core toolset definitions
# These can include individual tools or reference other toolsets # These can include individual tools or reference other toolsets
@@ -523,7 +533,7 @@ TOOLSETS = {
"hermes-webhook": { "hermes-webhook": {
"description": "Webhook toolset - receive and process external webhook events", "description": "Webhook toolset - receive and process external webhook events",
"tools": _HERMES_CORE_TOOLS, "tools": _HERMES_WEBHOOK_SAFE_TOOLS,
"includes": [] "includes": []
}, },