Skills
skills/aradotso/ai-agent-skills/hermes-agent-self-evolution/Gen Agent Trust Hub

hermes-agent-self-evolution

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the evolution framework from the NousResearch GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Generates and executes new skill and prompt variants during the optimization cycles.
  • [COMMAND_EXECUTION]: Instructs the user to run installation and execution commands via the terminal.
  • [DATA_EXFILTRATION]: Reads session history from the local database at ~/.hermes/sessions.db to use as evaluation data for API-based optimization.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted session data that influences the generation of future agent instructions.
  • Ingestion points: Reads interaction data from ~/.hermes/sessions.db.
  • Boundary markers: None identified in the optimization pipeline documentation.
  • Capability inventory: Executes shell commands, generates code variants, and creates GitHub Pull Requests.
  • Sanitization: No input sanitization or validation of session data is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:09 PM
Security Audit — agent-trust-hub — hermes-agent-self-evolution