hermes-agent-mission-control
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md includes workflow examples where Minions runs autonomous Hermes tasks that fetch and analyze public websites (e.g., "Analyze competitor pricing pages" and the routine "Check GitHub stars and create summary report"), which implies the agent will ingest untrusted, user-generated/open web content as part of its execution.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README tells users to run "npx minionsai", which at runtime fetches and executes code from the npm registry (e.g. https://registry.npmjs.org/minionsai or https://www.npmjs.com/package/minionsai), so remote content is executed and is a required runtime dependency.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).