awesome-hermes-agent-ecosystem
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the Hermes Agent installation script from the project's official domain (hermes-agent.nousresearch.com) using a shell pipe.
- [EXTERNAL_DOWNLOADS]: References numerous third-party GitHub repositories (e.g., wondelai/skills, 42-evey/hermes-plugins) for community extensions, which requires cloning and running code from unverified sources.
- [COMMAND_EXECUTION]: Provides implementation templates and instructions for skills that perform arbitrary shell commands (e.g., ripgrep, fd, docker) based on user-supplied triggers.
- [DATA_EXFILTRATION]: Documents the configuration and use of messaging gateways (Telegram, Slack, Discord) and cloud integrations (Nextcloud, Spotify), which involve the handling of sensitive API credentials and the potential transmission of user data.
- [PROMPT_INJECTION]: Identifies a significant attack surface for indirect prompt injection due to the skill's focus on processing external data.
- Ingestion points: Untrusted content from messaging platforms, Nextcloud storage, and GitHub repository metadata (PRs, issues).
- Boundary markers: Examples provided do not include specific delimiters or directives to ignore embedded instructions in retrieved data.
- Capability inventory: The ecosystem provides tools for shell execution, file system modification, and network requests.
- Sanitization: Implementation guides lack examples of input sanitization or content validation for data processed from third-party integrations.
Recommendations
- HIGH: Downloads and executes remote code from: https://hermes-agent.nousresearch.com/install.sh - DO NOT USE without thorough review
Audit Metadata