hermes-agent-guide
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows the agent using WebSearchTool/WebScrapingTool (Web & Network Tools) and SkillsHub/community skill installs — including a CustomResearchSkill that queries arxiv.org and scholar.google.com and scrapes arbitrary URLs — so the agent fetches and ingests untrusted public web content that can influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The guide instructs cloning and running the repository from https://github.com/NousResearch/hermes-agent.git (git clone ... then running main.py / systemd ExecStart), which fetches remote code and then executes it as part of setup/runtime, so this external URL constitutes a runtime dependency that can execute remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The guide contains explicit commands that use sudo and that create/enable a systemd service under /etc/systemd/system (modifying system files); these commands change host system state and require elevated privileges.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.