hermes-agent-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests untrusted third-party content at runtime — e.g., the Platforms Gateway DiscordAdapter routes arbitrary user messages (message.content) into the Hermes agent, the config/tooling includes web_search and browser tools (duckduckgo/playwright), and the "Context References" section shows @url injection of external webpages — any of which the agent will read/interpret and could materially influence tool use or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The installation instructions tell users to git clone and then run the repository (git clone https://github.com/NousResearch/hermes-agent.git followed by python -m hermes.cli), which fetches remote code and executes it—allowing that external URL to deliver code that directly controls the agent/runtime.