hermes-agent-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly enables and uses a WebSearchTool (e.g., "assistant.enable_tool(WebSearchTool())" and the "Knowledge Assistant" / config sections that enable "web_search") and shows workflows where the agent "researches topics using web search" and ingests that public web content into semantic memory and downstream tasks, which clearly exposes it to untrusted third-party content that can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Quick Start explicitly instructs fetching and installing remote code via git clone https://github.com/NousResearch/hermes-agent.git and then running the package (e.g., python -m hermes_agent), so that external repository would be fetched and executed as a required dependency.