awesome-hermes-agent-ecosystem
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to clone and use community GitHub repos and to use MCP github/filesystem servers (e.g., multiple git clone commands, "use github MCP to list open PRs", and "observe my next 3 git workflows and create a skill"), which causes the agent to fetch and read untrusted, user-generated content from public sites that can influence decisions and tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote installer code at runtime (curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash) and instructs cloning and running the hermes-agent repo (https://github.com/NousResearch/hermes-agent then npm install && npm start), which fetches and executes external code that directly controls the agent environment.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata