awesome-hermes-agent-ecosystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read public, user-generated content (e.g., git clone of public GitHub repos, "hermes 'review PR #123 on GitHub'", "use the youtube search skill", Discord/Telegram links), so the agent would ingest untrusted third‑party content that could influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions to write a systemd unit into /etc/systemd/system and to run sudo systemctl enable/start (modifying system files and requiring elevated privileges), so it directs actions that change the machine's state.