hermes-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables fetching and ingesting arbitrary public web content and third‑party services (e.g., web_search/firecrawl_scrape and browser_* tools in references/cli-commands.md and SKILL.md, MCP fetch/github clients in references/mcp-integration.md, and it clones external code from GitHub in scripts/install_hermes.sh), and that retrieved untrusted/user-generated content is used as input to Hermes runs and delegated tasks which can change tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install script (scripts/install_hermes.sh) clones and installs remote code from https://github.com/NousResearch/hermes-agent.git during setup, which fetches and executes external code that the Skill depends on, so this URL is a high-confidence runtime risk.