hermes-agent-optimization
Fail
Audited by Snyk on May 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most URLs are local, official vendor, or documentation endpoints used for deployment and self-hosting, but the skill explicitly urges executing a raw GitHub script via "curl … raw.githubusercontent.com | sudo bash" (direct remote script execution) which is a high‑risk vector for malware distribution and abuse of local/internal services.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts and processes untrusted public content — e.g., platform gateways (Telegram/Discord/Slack chat messages), a generic webhook endpoint with verify_signature: false, and MCP servers that perform web search (brave) and headless browser scraping (playwright) — all of which the agent is expected to read and can materially influence tool use and decisions, enabling indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes a one-line VPS bootstrap that runs remote code via curl -sSL https://raw.githubusercontent.com/OnlyTerp/hermes-optimization-guide/main/scripts/vps-bootstrap.sh | sudo bash, which fetches and immediately executes a script from raw.githubusercontent.com at runtime (high-risk remote code execution).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running sudo commands and changing system-wide configuration (curl | sudo bash bootstrap, systemd service management, UFW/fail2ban, creating users, editing Caddy/system files, etc.), which request privileged, state-changing operations on the host.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata