hermes-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The upstream-tracker (scripts/upstream_tracker.py and the SKILL.md upstream section) explicitly fetches and parses public, user-authored files from the GitHub repo "nousresearch/hermes-agent" (via the GitHub API and raw.githubusercontent.com) and uses that untrusted content to generate fusion recommendations and pending diffs that influence the skill's actions, so third‑party content can materially affect agent decisions.