hermes-history-ingest

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Hermes history, which represents an indirect prompt injection surface as previous session logs or memories could contain adversarial instructions.\n
  • Ingestion points: Processes markdown, JSON, and JSONL files from ~/.hermes/memories/ and ~/.hermes/sessions/.\n
  • Boundary markers: The instructions command the agent to summarize and distill knowledge claims rather than quoting transcripts verbatim, serving as a functional boundary.\n
  • Capability inventory: The agent performs file read operations on local history and file write/update operations on the Obsidian vault.\n
  • Sanitization: Step 3 explicitly requires the redaction of API keys, tokens, passwords, and private identifiers, and warns against verbatim ingestion of potentially injected instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:14 AM
Security Audit — agent-trust-hub — hermes-history-ingest