hermes-agent-control-room

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core Task Bus workflow writes tasks (e.g., "Audit SEO for example.com" to /srv/agent-bus/inbox/...) and specialist agents (e.g., hermes-seo) are explicitly expected to perform web research/Ahrefs audits against arbitrary public sites whose content the orchestrator reads and synthesizes, so untrusted third-party webpages can materially influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs actions that modify system state and require root/sudo (clone into /root, write under /srv, install packages, run ufw and systemctl/docker commands, create backups in /root), so an agent following it could change the host machine's configuration and services.