hera
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from the Hera API which an agent may process as instructions. 1. Ingestion points: Log details retrieved via 'query_log_detail' in 'SKILL.md'. 2. Boundary markers: None documented. 3. Capability inventory: Python execution and network requests. 4. Sanitization: No evidence of instruction filtering or log content sanitization.
- Data Exposure & Exfiltration (MEDIUM): The 'api_url' parameter and 'HERA_LOG_DETAIL_API_URL' environment variable allow redirecting requests to arbitrary endpoints, which could be used to leak query parameters or sensitive metadata.
- Unverifiable Dependencies (LOW): The skill imports core logic from 'scripts/hera_log_detail_query.py', which is not included in the provided source for verification.
Audit Metadata