hermes-agent-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly configures and uses web-facing tools (e.g., WebSearch(api_key=${SERPER_API_KEY}) in "Tool Integration" and Real-World Examples, plus CustomAPI/GitHub/pdf-reader integrations) and demonstrates workflows where the agent searches, ingests, and acts on public web/repository content (e.g., "Search for the latest Python best practices", "Index all PDF files", "Clone the repository at github.com/..."), so it will read and interpret untrusted third-party content that can influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Quick Start explicitly runs "git clone https://github.com/NousResearch/hermes-agent.git" followed by "python -m hermes init" / "python -m hermes start", which fetches remote code from that GitHub URL and then executes it as a required installation/runtime step, allowing external code to control agent behavior.