_load_config_files() had the same hermes_home / item pattern without containment checks. While config.yaml is user-controlled (lower threat than skill frontmatter), defense in depth prevents exploitation via config injection or copy-paste mistakes.
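The containment check the commit message describes, as an added example that is not the project's code: `naive_join` and `resolve_contained` are hypothetical names, `home` stands in for `hermes_home`, and the directory layout and config entries are constructed.

```python
import os
import tempfile
from pathlib import Path


def naive_join(base: Path, item: str) -> Path:
    """The unchecked pattern: base / item. An absolute item replaces base."""
    return base / item


def resolve_contained(base: Path, item: str) -> Path:
    """Join item onto base and refuse any result that leaves base.

    resolve() collapses '..' and follows symlinks, so the comparison uses the
    real location rather than the string taken from the config file.
    """
    base_real = base.resolve()
    candidate = (base_real / item).resolve()
    if candidate != base_real and base_real not in candidate.parents:
        raise ValueError(f"{item!r} resolves outside {base_real}")
    return candidate


def demo() -> dict:
    """Run constructed config entries through the check; return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"              # stand-in for hermes_home
        (home / "prompts").mkdir(parents=True)
        outside = Path(tmp) / "outside.txt"    # file beyond the config tree
        outside.write_text("not part of the config tree")
        os.symlink(outside, home / "link.txt")  # symlink that points out of home
        entries = [                              # constructed sample entries
            ("prompts/system.md", "prompts/system.md"),
            ("../outside.txt", "../outside.txt"),
            ("<absolute>", str(outside)),
            ("link.txt", "link.txt"),
        ]
        for label, item in entries:
            try:
                resolve_contained(home, item)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for entry, outcome in demo().items():
        print(f"{entry:20} {outcome}")
```

The absolute-path and symlink entries are the two cases a check for `..` alone would miss.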