hermes-atropos-environments
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and usage patterns involve significant use of command-line tools. The `compute_reward` method in `SKILL.md` utilizes `ctx.terminal("pytest /workspace/test.py")` to execute shell commands for verifying agent outputs. Additionally, `usage-patterns.md` provides multiple CLI examples for running the environments in `serve`, `process`, and `evaluate` modes, which involve executing local Python scripts and managing virtual environments.
- [EXTERNAL_DOWNLOADS]: The skill describes using the `datasets` library in the `setup()` method of environments to fetch data from Hugging Face. It also integrates with Weights & Biases (wandb) for logging training and evaluation metrics, which are standard practices and utilize well-known services.
- [DATA_EXFILTRATION]: The skill provides clear guidance on handling sensitive information, specifically instructing users to use environment variables for the `OPENROUTER_API_KEY` rather than hardcoding credentials. This is a positive security practice for managing external API access.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a framework where untrusted data is ingested from external datasets and subsequently used to generate prompts for an AI agent.
  - Ingestion points: External data is loaded via `datasets.load_dataset` in the `setup()` method (`SKILL.md`).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are implemented in the `format_prompt` logic.
  - Capability inventory: The environment includes capabilities to execute shell commands via `ctx.terminal` in the `compute_reward` function and runs a multi-turn agent loop in the `evaluate` method (`SKILL.md`).
  - Sanitization: There is no mention of sanitizing or escaping the content retrieved from external datasets before it is presented to the agent.
Audit Metadata