hermes-history-ingest
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from Hermes history, which represents an indirect prompt injection surface as previous session logs or memories could contain adversarial instructions.\n
- Ingestion points: Processes markdown, JSON, and JSONL files from
~/.hermes/memories/and~/.hermes/sessions/.\n - Boundary markers: The instructions command the agent to summarize and distill knowledge claims rather than quoting transcripts verbatim, serving as a functional boundary.\n
- Capability inventory: The agent performs file read operations on local history and file write/update operations on the Obsidian vault.\n
- Sanitization: Step 3 explicitly requires the redaction of API keys, tokens, passwords, and private identifiers, and warns against verbatim ingestion of potentially injected instructions.
Audit Metadata